Package: pvm-dev Version: 3.4.5-12.5 Severity: grave Tags: security Justification: user security hole
trcsort has a buffer overflow vulnerability. A PoC file is attached. Command line to reproduce the bug: $ /usr/bin/trcsort foo -- System Information: Debian Release: 7.1 APT prefers stable APT policy: (500, 'stable') Architecture: i386 (i686) Kernel: Linux 3.2.0-3-686-pae (SMP w/8 CPU cores) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Versions of packages pvm-dev depends on: ii libc6 2.13-38 ii libpvm3 3.4.5-12.5 ii libreadline-dev 6.2+dfsg-0.1 ii pvm 3.4.5-12.5 pvm-dev recommends no packages. pvm-dev suggests no packages.
foo
Description: Binary data
