I wrote a DSA draft, check it please. BTW, JVN's workaround is not correct. There is also the same problem in ChaSen 2.3.3.
-- DSA-xxxx-1 chasen -- buffer overflow Affected Packages: libchasen2 libchasen-dev libtext-chasen-perl Vulnerable: Yes Security database references: In Mitre's CVE dictionary: CVE-2011-4000 In the Japan Vulnerability Notes: JVN16901583 <http://jvn.jp/en/jp/JVN16901583/index.html> More information: It was discovered that buffer overflow in ChaSen's processing of Japanese string parsing in memory. It only affects chasen_sparse_tosrt function, and not chasen command and other parsing function like chasen_fparse_tostr. There is a workaround to use chasen command via pipe, instead of chasen_sparse_tostr function. -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
