|
From: | Thomas Moschny |
Subject: | Re: [Monotone-devel] status of nvm.stripped |
Date: | Mon, 19 Jan 2009 09:55:01 +0100 |
User-agent: | Thunderbird 2.0.0.19 (X11/20090105) |
Zack Weinberg wrote: > I'd prefer not to drop the minimum version below the most recent point > at which an exploitable crasher bug was fixed, which (according to > pcre's NEWS file) was 7.6. There probably isn't an attack vector with > our usage but I can't prove it so I'd rather be safe. > > (Can you find out if FC9 backported those fixes?) The pcre package in F9 has a backported fix for CVE-2008-0674, and also a fix for the more recent CVE-2008-2371 problem. - Thomas
[Prev in Thread] | Current Thread | [Next in Thread] |