byacc vulnerability

Petr Machata pmachata at redhat.com
Mon Jul 14 11:58:18 UTC 2008


Hi everyone,

I've just requested a push that fixes #454583: byacc vulnerable to
public buffer overflow.  The bug has been around for the past thirty
years, so my guess would be it's rather benign, but what do I know.
Owners of packages dependent on byacc might want to rebuild.

For F-9, repoquery gives me the following list:

alliance-0:5.0-16.20070718snap.fc9.src
brltty-0:3.9-2.2.fc9.src
checkpolicy-0:2.0.14-1.fc9.src
compat-flex-0:2.5.4a-4.fc9.src
condor-0:7.0.0-8.fc9.src
cproto-0:4.7f-3.fc9.src
cvsgraph-0:1.6.1-6.fc9.src
dictd-0:1.10.9-2.src
evolution-0:2.22.3.1-1.fc9.src
geomview-0:1.9.4-8.fc9.src
glusterfs-0:1.3.8-0.8.fc9.src
gmediaserver-0:0.13.0-3.fc9.src
groff-0:1.18.1.4-14.fc9.src
gtk-gnutella-0:0.96.5-1.fc9.src
hdf-0:4.2r3-2.fc9.src
inn-0:2.4.4-1.fc9.src
jam-0:2.5-6.fc9.src
kannel-0:1.4.1-7.src
kdelibs3-0:3.5.9-8.fc9.src
linux-atm-0:2.5.0-5.src
milter-regex-0:1.7-3.fc9.src
monit-0:4.10.1-7.fc9.src
ncl-0:5.0.0-11.fc9.src
nethack-vultures-0:2.1.0-10.fc8.src
pcmciautils-0:014-12.fc9.src
postgis-0:1.3.3-1.fc9.src
radvd-0:1.1-2.fc9.src
rdist-1:6.1.5-45.src
rpld-0:1.8-0.3.beta1.fc9.src
ruby-0:1.8.6.230-4.fc9.src
seedit-0:2.2.0-2.fc9.src
squidGuard-0:1.2.0-18.fc9.src
syslog-ng-0:2.0.8-1.fc9.src
tin-0:1.8.3-4.fc9.src
xorg-x11-server-0:1.4.99.905-1.20080701.fc9.src
yasm-0:0.6.2-2.fc9.src

PM