Bugtraq mailing list archives
Re: [SECURITY] [DSA 1020-1] New flex packages fix insecure code generation
From: Moritz Muehlenhoff <jmm () debian org>
Date: Tue, 28 Mar 2006 23:24:20 +0200
In gmane.comp.security.bugtraq, you wrote:
On Tue, Mar 28, 2006 at 01:19:34AM +0200, Moritz Muehlenhoff wrote:If you use code, which is derived from a vulnerable lex grammar in an untrusted environment you need to regenerate your scanner with the fixed version of flex.Do any Debian packages include such a vulnerable grammar? (If so, will rebuilt packages be provided?)
The packages including affected grammars or pregenerated code of that kind have been identified and are being checked for exploitability. Updates will be issued where necessary. Cheers, Moritz
Current thread:
- [SECURITY] [DSA 1020-1] New flex packages fix insecure code generation Moritz Muehlenhoff (Mar 27)
- Re: [SECURITY] [DSA 1020-1] New flex packages fix insecure code generation Matthew R. Dempsky (Mar 28)
- Re: [SECURITY] [DSA 1020-1] New flex packages fix insecure code generation Moritz Muehlenhoff (Mar 29)
- Re: [SECURITY] [DSA 1020-1] New flex packages fix insecure code generation Matthew R. Dempsky (Mar 28)