[debian-devel:14846] jgroff: printf format attack

[Tatsuya Kinoshita <tats@xxxxxxxxxx>]

Package: jgroff
Version: 1.15+ja-3.2

I found a security problem of potato's `jgroff' package on the
`Omoikane GNU/Linux' security information page.

(`jgroff' is a Japanese extended `groff'.  Woody's `groff' has
merged it.  `Omoikane GNU/Linux' is a Debian based distribution.)

I sent a bug report to the BTS last Wednesday, but I have heard
nothing from the package maintainer yet.

Please check Bug#129374:

> Debian potato's jgroff 1.15+ja-3.2 has the same problem as DSA-072-1.
> 
>   DSA-072-1 groff: printf format attack
>   http://www.debian.org/security/2001/dsa-072
> 
>   Omoikane GNU/Linux security information (in Japanese)
>   http://www.omoikane.co.jp/security.html
> 
> This has been fixed in the Omoikane GNU/Linux updates:
> 
>   http://dimension.sys.i.kyoto-u.ac.jp/mirror/ftp.omoikane.co.jp/tree/ogl_1.2_i386_updates/jgroff_1.15+ja-3.2o1.diff.gz
>   http://dimension.sys.i.kyoto-u.ac.jp/mirror/ftp.omoikane.co.jp/tree/ogl_1.2_i386_updates/jgroff_1.15+ja-3.2o1.dsc
>   http://dimension.sys.i.kyoto-u.ac.jp/mirror/ftp.omoikane.co.jp/tree/ogl_1.2_i386_updates/jgroff_1.15+ja-3.2o1_i386.changes
>   http://dimension.sys.i.kyoto-u.ac.jp/mirror/ftp.omoikane.co.jp/tree/ogl_1.2_i386_updates/jgroff_1.15+ja-3.2o1_i386.deb

-- 
Tatsuya Kinoshita