[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [SECURITY] [DSA 1020-1] New flex packages fix insecure code generation

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: Re: [SECURITY] [DSA 1020-1] New flex packages fix insecure code generation
From: "Matthew R. Dempsky" <mrd@xxxxxxxxxxx>
Date: Mon, 27 Mar 2006 20:08:53 -0600

On Tue, Mar 28, 2006 at 01:19:34AM +0200, Moritz Muehlenhoff wrote:
> If you use code, which is derived from a vulnerable lex grammar in
> an untrusted environment you need to regenerate your scanner with the
> fixed version of flex.

Do any Debian packages include such a vulnerable grammar?  (If so, will 
rebuilt packages be provided?)

Follow-Ups:
- Re: [SECURITY] [DSA 1020-1] New flex packages fix insecure code generation
  - From: Moritz Muehlenhoff

References:
- [SECURITY] [DSA 1020-1] New flex packages fix insecure code generation
  - From: Moritz Muehlenhoff

Prev by Date: Announcement: The Web Hacking Incidents Database
Next by Date: Determina Fix for CVE-2006-1359 (Zero Day MS Internet Explorer Remote "CreateTextRange()" Code Execution)
Previous by thread: [SECURITY] [DSA 1020-1] New flex packages fix insecure code generation
Next by thread: Re: [SECURITY] [DSA 1020-1] New flex packages fix insecure code generation
Index(es):
- Date
- Thread