Re: [SECURITY] [DSA 1020-1] New flex packages fix insecure code generation

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: Re: [SECURITY] [DSA 1020-1] New flex packages fix insecure code generation
From: "Matthew R. Dempsky" <mrd@xxxxxxxxxxx>
Date: Mon, 27 Mar 2006 20:08:53 -0600
In-reply-to: <20060327231956.GA6608@xxxxxxxxxxxxxxxxxxxx>
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mail-followup-to: bugtraq@xxxxxxxxxxxxxxxxx
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm
References: <20060327231956.GA6608@xxxxxxxxxxxxxxxxxxxx>

On Tue, Mar 28, 2006 at 01:19:34AM +0200, Moritz Muehlenhoff wrote:
> If you use code, which is derived from a vulnerable lex grammar in
> an untrusted environment you need to regenerate your scanner with the
> fixed version of flex.

Do any Debian packages include such a vulnerable grammar?  (If so, will 
rebuilt packages be provided?)

Follow-Ups:
- Re: [SECURITY] [DSA 1020-1] New flex packages fix insecure code generation
  - From: Moritz Muehlenhoff

References:
- [SECURITY] [DSA 1020-1] New flex packages fix insecure code generation
  - From: Moritz Muehlenhoff

Prev by Date: Announcement: The Web Hacking Incidents Database
Next by Date: Determina Fix for CVE-2006-1359 (Zero Day MS Internet Explorer Remote "CreateTextRange()" Code Execution)
Previous by thread: [SECURITY] [DSA 1020-1] New flex packages fix insecure code generation
Next by thread: Re: [SECURITY] [DSA 1020-1] New flex packages fix insecure code generation
Index(es):
- Date
- Thread