[Pkg-tcltk-devel] tcl8.3 stable update for CVE-2007-4772
Nico Golde
nion at debian.org
Sun Jan 25 16:18:18 UTC 2009
Hi,
the following CVE (Common Vulnerabilities & Exposures) id was
published for tcl8.3/tcl8.4 some time ago.
CVE-2007-4772[0]:
| The regular expression parser in TCL before 8.4.17, as used in
| PostgreSQL 8.2 before 8.2.6, 8.1 before 8.1.11, 8.0 before 8.0.15, and
| 7.4 before 7.4.19, allows context-dependent attackers to cause a
| denial of service (infinite loop) via a crafted regular expression.
Unfortunately the vulnerability described above is not important enough
to get it fixed via regular security update in Debian stable. It does
not warrant a DSA.
However it would be nice if this could get fixed via a regular point update[1].
Please contact the release team for this.
This is an automatically generated mail, in case you are already working on an
upgrade this is of course pointless.
For further information:
[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4772
[1] http://www.debian.org/doc/developers-reference/pkgs.html#upload-stable
Kind regards
Nico
--
Nico Golde - http://www.ngolde.de - nion at jabber.ccc.de - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 197 bytes
Desc: not available
Url : http://lists.alioth.debian.org/pipermail/pkg-tcltk-devel/attachments/20090125/b1d9c160/attachment.pgp
More information about the Pkg-tcltk-devel
mailing list