On Oct 16, Andrew Bartlett <abartlet+debian@catalyst.net.nz> wrote: > I've prepared a a fix for CVE-2014-3158, an integer overflow potentially > permitting a user in the dip group to abuse the privileges of the setuid > root pppd binary by supplying a very, very long options line in > ~/.ppprc. Is this actually known to be exploitable? If you believe that it is worth fixing then your changes look fine to me. -- ciao, Marco
Attachment:
signature.asc
Description: Digital signature