[CVE-2007-5395] link-grammar is vulnerable
Bug #162511 reported by
Stephan Rügamer
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
link-grammar (Ubuntu) |
Fix Released
|
Low
|
Unassigned | ||
Dapper |
Fix Released
|
Low
|
Kees Cook | ||
Edgy |
Fix Released
|
Low
|
Kees Cook | ||
Feisty |
Fix Released
|
Low
|
Kees Cook | ||
Gutsy |
Fix Released
|
Low
|
Kees Cook | ||
Hardy |
Fix Released
|
Low
|
Unassigned |
Bug Description
Binary package hint: link-grammar
Dear Colleagues,
link-grammar is vulnerable.
From CVE:
Stack-based buffer overflow in the separate_word function in tokenize.c in Link Grammar 4.1b and possibly other versions, as used in AbiWord Link Grammar 4.2.4, allows remote attackers to execute arbitrary code via a long word, as reachable through the separate_sentence function.
I'll attached some debdiffs to versions which are affected to this vulnerability.
Regards,
\sh
Changed in link-grammar: | |
status: | Fix Committed → Fix Released |
status: | Fix Committed → Fix Released |
To post a comment you must log in.
Thanks for getting this prepared. Since this is a user-assisted attack and Edgy and newer should be stack-overflow- protected, I'm giving this a low priority. I will get it uploaded shortly. Thanks!