Re: libqb / CVE-2019-12779
Hi Brian,
> libqb
>   NOTE: 20190616: Upstream patch does not apply at all, but it appears that
>   NOTE: 20190616: package is still vulnerable in ipc_posix_mq.c etc. or
>   NOTE: 20190616: wherever it uses c->pid w/NAME_MAX. (lamby)
NB. "appears that" — it was a rather cursory glance from me...
> If you want to look at libqb probably worth double checking this in case
> I got something wrong/confused :-)
Indeed. However, can you add your comments to data/dla-needed.txt or
link to your previous reply in the mailing list archives? That way,
whoever does look at the package does not miss your fine investigatory
work.
Best wishes,
-- 
      ,''`.
     : :'  :     Chris Lamb
     `. `'`      lamby@debian.org 🍥 chris-lamb.co.uk
       `-