[Bug 246423] [NEW] Please sync tcl8.3 8.3.5-13 (main) from Debian unstable (main).
Launchpad Bug Tracker
246423 at bugs.launchpad.net
Tue Jul 8 06:49:47 BST 2008
You have been subscribed to a public bug by Daniel Holbach (dholbach):
Binary package hint: tcl8.3
Please sync tcl8.3 8.3.5-13 (main) from Debian unstable (main).
Changelog since current intrepid version 8.3.5-12:
tcl8.3 (8.3.5-13) unstable; urgency=medium
* Fixed CVE-2007-4772 vulnerability (The regular expression parser in TCL
before 8.4.17 allows attacker to cause a denial of service (infinite
loop) via a crafted regular expression.)
* Fixed CVE-2007-6067 vulnerability (The regular expression parser in TCL
allows users to cause a denial of service (memory consumption) via a
crafted "complex" regular expression with doubly-nested states.)
* Set urgency to medium as this upload fixes a security bug.
* Protected quilt calls in debian/rules to make the source package
convertible to 3.0 (quilt) format (closes: #484912).
* Bumped standards version to 3.8.0.
-- Sergei Golovan <sgolovan at debian.org> Sat, 05 Jul 2008 17:31:11
+0400
** Affects: tcl8.3 (Ubuntu)
Importance: Wishlist
Status: New
--
Please sync tcl8.3 8.3.5-13 (main) from Debian unstable (main).
https://bugs.edge.launchpad.net/bugs/246423
You received this bug notification because you are a member of Ubuntu Package Archive Administrators, which is a direct subscriber.
More information about the ubuntu-archive
mailing list