Please sync tcl8.3 8.3.5-13 (main) from Debian unstable (main).
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
tcl8.3 (Ubuntu) |
Fix Released
|
Wishlist
|
Unassigned |
Bug Description
Binary package hint: tcl8.3
Please sync tcl8.3 8.3.5-13 (main) from Debian unstable (main).
Changelog since current intrepid version 8.3.5-12:
tcl8.3 (8.3.5-13) unstable; urgency=medium
* Fixed CVE-2007-4772 vulnerability (The regular expression parser in TCL
before 8.4.17 allows attacker to cause a denial of service (infinite
loop) via a crafted regular expression.)
* Fixed CVE-2007-6067 vulnerability (The regular expression parser in TCL
allows users to cause a denial of service (memory consumption) via a
crafted "complex" regular expression with doubly-nested states.)
* Set urgency to medium as this upload fixes a security bug.
* Protected quilt calls in debian/rules to make the source package
convertible to 3.0 (quilt) format (closes: #484912).
* Bumped standards version to 3.8.0.
-- Sergei Golovan <email address hidden> Sat, 05 Jul 2008 17:31:11 +0400
Changed in tcl8.3: | |
importance: | Undecided → Wishlist |
ACKed.