[Secure-testing-team] Bug#701897: CVE-2012-5667: buffer overflow with overly long input lines
Raphael Geissert
geissert at debian.org
Thu Feb 28 15:55:40 UTC 2013
Package: grep
Severity: grave
Version: 2.6.3-3
Tags: security
X-Debbugs-CC: secure-testing-team at lists.alioth.debian.org
Hi,
the following vulnerability was published for grep.
CVE-2012-5667[0]:
| Multiple integer overflows in GNU Grep before 2.11 might allow
| context-dependent attackers to execute arbitrary code via vectors
| involving a long input line that triggers a heap-based buffer
| overflow.
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5667
http://security-tracker.debian.org/tracker/CVE-2012-5667
Please adjust the affected versions in the BTS as needed.
Cheers,
--
Raphael Geissert - Debian Developer
www.debian.org - get.debian.net
More information about the Secure-testing-team
mailing list