Source: flex
Version: 2.5.39-8
Severity: grave
Tags: security upstream patch

Hi,

the following vulnerability was published for flex, fixing this as grave. It is possible to exploit this remotely, but depending on the application that is built using flex. And there might be further sources with shipped lexers built with the broken flex version. All of those were not investigated.

CVE-2016-6354[0]:
Buffer overflow in generated code (yy_get_next_buffer); related to num_to_read

If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2016-6354
[1] https://github.com/westes/flex/commit/a5cbe929ac3255d371e698f62dc256afe7006466

Regards,
Salvatore