Re: CVE-2015-9059 (Accepted picocom 1.7-1+deb7u1 (source amd64) into oldstable)

To: Chris Lamb <lamby@debian.org>
Cc: Matt Palmer <mpalmer@debian.org>, debian-lts@lists.debian.org
Subject: Re: CVE-2015-9059 (Accepted picocom 1.7-1+deb7u1 (source amd64) into oldstable)
From: "W. Martin Borgert" <debacle@debian.org>
Date: Fri, 2 Jun 2017 10:31:44 +0200
Message-id: <[🔎] 20170602083144.ntv3bvjku3n7dldw@fama>
In-reply-to: <[🔎] 1496391710.2753311.996347584.47455740@webmail.messagingengine.com>
References: <E1dGXVq-0002ls-FH@seger.debian.org> <20170602080724.kavoqpquwddrjny4@fama> <[🔎] 1496391710.2753311.996347584.47455740@webmail.messagingengine.com>

On 2017-06-02 09:21, Chris Lamb wrote:
> It's the "same" patch but I also needed to backport split.[ch]. Some
> of the run_cmd callsites were also different in the 1.7 version so it's
> not identical.

Just to be sure, we talk about the same patch...
I meant the one I added Tue, 30 May 2017 to the bug report:
https://bugs.debian.org/cgi-bin/bugreport.cgi?att=1;bug=863671;filename=fix-command-injection-vulnerability;msg=14
It also contains split.[ch] and changed run_cmd calls.
Are there more differences?

Reply to:

Follow-Ups:
- Re: CVE-2015-9059 (Accepted picocom 1.7-1+deb7u1 (source amd64) into oldstable)
  - From: Chris Lamb <lamby@debian.org>

References:
- Re: CVE-2015-9059 (Accepted picocom 1.7-1+deb7u1 (source amd64) into oldstable)
  - From: Chris Lamb <lamby@debian.org>

Prev by Date: tiff and CVE-2016-10095
Next by Date: Re: CVE-2015-9059 (Accepted picocom 1.7-1+deb7u1 (source amd64) into oldstable)
Previous by thread: Re: CVE-2015-9059 (Accepted picocom 1.7-1+deb7u1 (source amd64) into oldstable)
Next by thread: Re: CVE-2015-9059 (Accepted picocom 1.7-1+deb7u1 (source amd64) into oldstable)
Index(es):
- Date
- Thread