Hi everyone, I've just requested a push that fixes #454583: byacc vulnerable to public buffer overflow. The bug has been around for past thirty years, so my guess would be it's rather benign, but what do I know. Owners of packages dependent on byacc might want to rebuild. For F-9, repoquery gives me the following list: alliance-0:5.0-16.20070718snap.fc9.src brltty-0:3.9-2.2.fc9.src checkpolicy-0:2.0.14-1.fc9.src compat-flex-0:2.5.4a-4.fc9.src condor-0:7.0.0-8.fc9.src cproto-0:4.7f-3.fc9.src cvsgraph-0:1.6.1-6.fc9.src dictd-0:1.10.9-2.src evolution-0:2.22.3.1-1.fc9.src geomview-0:1.9.4-8.fc9.src glusterfs-0:1.3.8-0.8.fc9.src gmediaserver-0:0.13.0-3.fc9.src groff-0:1.18.1.4-14.fc9.src gtk-gnutella-0:0.96.5-1.fc9.src hdf-0:4.2r3-2.fc9.src inn-0:2.4.4-1.fc9.src jam-0:2.5-6.fc9.src kannel-0:1.4.1-7.src kdelibs3-0:3.5.9-8.fc9.src linux-atm-0:2.5.0-5.src milter-regex-0:1.7-3.fc9.src monit-0:4.10.1-7.fc9.src ncl-0:5.0.0-11.fc9.src nethack-vultures-0:2.1.0-10.fc8.src pcmciautils-0:014-12.fc9.src postgis-0:1.3.3-1.fc9.src radvd-0:1.1-2.fc9.src rdist-1:6.1.5-45.src rpld-0:1.8-0.3.beta1.fc9.src ruby-0:1.8.6.230-4.fc9.src seedit-0:2.2.0-2.fc9.src squidGuard-0:1.2.0-18.fc9.src syslog-ng-0:2.0.8-1.fc9.src tin-0:1.8.3-4.fc9.src xorg-x11-server-0:1.4.99.905-1.20080701.fc9.src yasm-0:0.6.2-2.fc9.src PM
Attachment:
pgpnrhGwXSj8w.pgp
Description: PGP signature
-- fedora-devel-list mailing list fedora-devel-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-devel-list
