Please sync tcl8.3 8.3.5-13 (main) from Debian unstable (main).
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| tcl8.3 (Ubuntu) |
Fix Released
|
Wishlist
|
Unassigned | ||
Bug Description
Binary package hint: tcl8.3
Please sync tcl8.3 8.3.5-13 (main) from Debian unstable (main).
Changelog since current intrepid version 8.3.5-12:
tcl8.3 (8.3.5-13) unstable; urgency=medium
* Fixed CVE-2007-4772 vulnerability (The regular expression parser in TCL
before 8.4.17 allows attacker to cause a denial of service (infinite
loop) via a crafted regular expression.)
* Fixed CVE-2007-6067 vulnerability (The regular expression parser in TCL
allows users to cause a denial of service (memory consumption) via a
crafted "complex" regular expression with doubly-nested states.)
* Set urgency to medium as this upload fixes a security bug.
* Protected quilt calls in debian/rules to make the source package
convertible to 3.0 (quilt) format (closes: #484912).
* Bumped standards version to 3.8.0.
-- Sergei Golovan <email address hidden> Sat, 05 Jul 2008 17:31:11 +0400
| Changed in tcl8.3: | |
| importance: | Undecided → Wishlist |
| Daniel Holbach (dholbach) wrote ACK of sync request | #1 |
| Martin Pitt (pitti) wrote | #2 |
| Changed in tcl8.3: | |
| status: | New → Fix Released |
ACKed.