Mageia alert MGASA-2014-0346 (sdcc)


From:
    	       Mageia Updates <buildsystem-daemon@mageia.org> 
To:
    	       updates-announce@ml.mageia.org 
Subject:
    	       [updates-announce] MGASA-2014-0346: Updated sdcc packages fix a security vulnerability 
Date:
    	       Fri, 22 Aug 2014 12:58:28 +0200
Message-ID:
    	       <20140822105828.E2AC05C45E@valstar.mageia.org>
MGASA-2014-0346 - Updated sdcc packages fix a security vulnerability

Publication date: 22 Aug 2014
URL: http://advisories.mageia.org/MGASA-2014-0346.html

Type: security
Affected Mageia releases: 3, 4
CVE: CVE-2012-3509

Description:
Integer overflow, leading to heap-buffer overflow by processing certain
file headers via bfd binary. (CVE-2012-3509)

A nonfree package is also now available, which provides components that
cannot be included in the core repository.

In addition, this update obsoletes sdcc2.9, which is old and probably has
the same security vulnerability.

References:
- https://bugs.mageia.org/show_bug.cgi?id=13841

- https://lists.fedoraproject.org/pipermail/package-announc...
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3509


SRPMS:
- 4/core/sdcc-3.4.0-6.mga4
- 4/nonfree/sdcc-3.4.0-6.mga4.nonfree
- 3/core/sdcc-3.4.0-6.mga3
- 3/nonfree/sdcc-3.4.0-6.mga3.nonfree

From:		Mageia Updates <buildsystem-daemon@mageia.org>
To:		updates-announce@ml.mageia.org
Subject:		[updates-announce] MGASA-2014-0346: Updated sdcc packages fix a security vulnerability
Date:		Fri, 22 Aug 2014 12:58:28 +0200
Message-ID:		<20140822105828.E2AC05C45E@valstar.mageia.org>