[Pkg-haskell-maintainers] Bug#776533: libghc-aeson-dev-7.0.3 has serious vulnerability to DOS attack.
Shohei Murayama
shohei.murayama at gmail.com
Thu Jan 29 02:35:14 UTC 2015
Package: libghc-aeson-dev
Version: 0.7.0.3-1+b2
Severity: important
Dear Maintainer,
The aeson-7.0.3 package has serious vulnerbility to DOS attack.
This issue had already reported and completely fixed in upstream,
see the URL.
https://github.com/bos/aeson/issues/198
The following packages had been updated in order to fix the issue.
aeson-7.0.3 -> aeson-7.0.6
scientific-0.2.0.2 -> scientific-3.2.0
attoparsec-0.11.2.1 -> attoparsec-0.11.3.4
-- System Information:
Debian Release: 8.0
APT prefers testing
APT policy: (500, 'testing')
Architecture: amd64 (x86_64)
Kernel: Linux 3.16.0-4-amd64 (SMP w/1 CPU core)
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
Versions of packages libghc-aeson-dev depends on:
ii libc6 2.19-13
ii libffi5 3.0.10-3
pn libghc-attoparsec-dev-0.10.1.1-54f68 <none>
pn libghc-base-dev-4.5.0.0-40b99 <none>
pn libghc-blaze-builder-dev-0.3.1.0-4b485 <none>
pn libghc-bytestring-dev-0.9.2.1-18f26 <none>
pn libghc-containers-dev-0.4.2.1-cfc64 <none>
pn libghc-deepseq-dev-1.3.0.0-a73ec <none>
pn libghc-dlist-dev-0.5-72763 <none>
pn libghc-ghc-prim-dev-0.2.0.0-c2ff6 <none>
pn libghc-hashable-dev-1.1.2.3-1b1ae <none>
pn libghc-mtl-dev-2.1.1-80110 <none>
pn libghc-old-locale-dev-1.0.0.4-a2c3d <none>
pn libghc-syb-dev-0.3.6.1-25afc <none>
pn libghc-template-haskell-dev-2.7.0.0-8c8cd <none>
pn libghc-text-dev-0.11.2.0-cbc26 <none>
pn libghc-time-dev-1.4-96b42 <none>
pn libghc-unordered-containers-dev-0.2.1.0-6c854 <none>
pn libghc-vector-dev-0.9.1-5feab <none>
ii libgmp10 2:6.0.0+dfsg-6
libghc-aeson-dev recommends no packages.
Versions of packages libghc-aeson-dev suggests:
pn libghc-aeson-doc <none>
pn libghc-aeson-prof <none>
More information about the Pkg-haskell-maintainers
mailing list