On Monday 02 March 2009, Pinar Yanardag wrote: > A buffer overflow vulnerability has been fixed in the latest version > of mpfr. From GNU mpfr changelog [1]: > > --->8--- > Changes from version 2.4.0 to version 2.4.1 > * Security fix in mpfr_snprintf and mpfr_vsnprintf (buffer overflow). > > --->8--- > > [1]: http://www.mpfr.org/mpfr-2.4.1
Is 2.4.1 good to go for stabling?
np
Arches, please test and mark stable: =dev-libs/mpfr-2.4.1_p1 Target keywords : "alpha amd64 arm hppa ia64 m68k ppc ppc64 s390 sh sparc x86"
Stable for HPPA.
ppc64 done
CVE-2009-0757 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0757): Multiple buffer overflows in GNU MPFR 2.4.0 allow context-dependent attackers to cause a denial of service (crash) via the (1) mpfr_snprintf and (2) mpfr_vsnprintf functions.
Sparc stable, "All 148 tests pass."
ppc stable
amd64/x86 stable
alpha/arm/ia64/s390/sh stable
GLSA 200903-13