[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <20060328212420.GA6512@galadriel.inutil.org>
Date: Tue, 28 Mar 2006 23:24:20 +0200
From: Moritz Muehlenhoff <jmm@...ian.org>
To: "Matthew R. Dempsky" <mrd@...emio.org>
Cc: bugtraq@...urityfocus.com
Subject: Re: [SECURITY] [DSA 1020-1] New flex packages fix insecure code generation
In gmane.comp.security.bugtraq, you wrote:
> On Tue, Mar 28, 2006 at 01:19:34AM +0200, Moritz Muehlenhoff wrote:
>> If you use code, which is derived from a vulnerable lex grammar in
>> an untrusted environment you need to regenerate your scanner with the
>> fixed version of flex.
>
> Do any Debian packages include such a vulnerable grammar? (If so, will
> rebuilt packages be provided?)
The packages including affected grammars or pregenerated code of that
kind have been identified and are being checked for exploitability.
Updates will be issued where necessary.
Cheers,
Moritz
Powered by blists - more mailing lists