Candidate: CVE-2012-6089
PublicDate: 2013-01-04 11:52:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6089
 https://lists.iai.uni-bonn.de/pipermail/swi-prolog/2012/009428.html
 http://www.swi-prolog.org/git/pl.git/commitdiff/a9a6fc8a2a9cf3b9154b490a4b1ffaa8be4d723c
 http://www.swi-prolog.org/git/pl.git/commit/a9a6fc8a2a9cf3b9154b490a4b1ffaa8be4d723c
 https://bugzilla.redhat.com/show_bug.cgi?id=891577
 http://openwall.com/lists/oss-security/2013/01/03/7
Description:
 Multiple stack-based buffer overflows in the canoniseFileName function in
 os/pl-os.c in SWI-Prolog before 6.2.5 and 6.3.x before 6.3.7 allow remote
 attackers to cause a denial of service (application crash) or possibly
 execute arbitrary code via a crafted filename.
Ubuntu-Description:
Notes:
Bugs:
Priority: low
Discovered-by:
Assigned-to:
CVSS: 

Patches_swi-prolog:
upstream_swi-prolog: released (6.2.5-1, 6.3.7)
hardy_swi-prolog: ignored (reached end-of-life)
lucid_swi-prolog: ignored (reached end-of-life)
oneiric_swi-prolog: ignored (reached end-of-life)
precise_swi-prolog: ignored (reached end-of-life)
precise/esm_swi-prolog: DNE (precise was needed)
quantal_swi-prolog: ignored (reached end-of-life)
raring_swi-prolog: ignored (reached end-of-life)
saucy_swi-prolog: ignored (reached end-of-life)
trusty_swi-prolog: not-affected (6.6.4-2ubuntu1)
trusty/esm_swi-prolog: DNE (trusty was not-affected [6.6.4-2ubuntu1])
utopic_swi-prolog: ignored (reached end-of-life)
vivid_swi-prolog: ignored (reached end-of-life)
vivid/stable-phone-overlay_swi-prolog: DNE
vivid/ubuntu-core_swi-prolog: DNE
wily_swi-prolog: ignored (reached end-of-life)
xenial_swi-prolog: not-affected (6.6.4-2ubuntu1)
yakkety_swi-prolog: ignored (reached end-of-life)
zesty_swi-prolog: ignored (reached end-of-life)
artful_swi-prolog: ignored (reached end-of-life)
bionic_swi-prolog: not-affected (6.6.4-2ubuntu1)
cosmic_swi-prolog: not-affected (6.6.4-2ubuntu1)
devel_swi-prolog: not-affected (6.6.4-2ubuntu1)