
Bug#866759: stretch-pu: package protozero/1.5.1-1+deb9u1



Control: tag -1 confirmed

Hi,

Bas Couwenberg <sebastic@xs4all.nl> (2017-07-01):
> protozero 1.5.1 in stretch contains a serious bug that was fixed in
> 1.5.2. The fix has been cherry-picked and I'd like to upload this
> proposed-update.
> 
> From the changelog and patch description:
> 
> "
>  This fixes a rather embarrassing bug in the equality operator of the
>  data_view class. The equality operator is actually never used in the
>  protozero code itself, but users of protozero might use it. This is a
>  serious bug that could lead to buffer overrun type problems.
> "
> 
> The issue was pointed out by the upstream author in:
> 
>  https://lists.debian.org/debian-gis/2017/07/msg00000.html

Ah right, \0 characters are fun…

This looks good to me, but we'll need to wait until 1.5.2-1 has reached
testing before accepting this from stretch-new; either upload now, and
ping when it's migrated; or upload when it's migrated, and ping us right
afterwards.

Thanks.


KiBi.
