Re: libqb / CVE-2019-12779
Hi Brian,
> libqb
> NOTE: 20190616: Upstream patch does not apply at all, but it appears that
> NOTE: 20190616: package is still vulnerable in ipc_posix_mq.c etc. or
> NOTE: 20190616: wherever it uses c->pid w/NAME_MAX. (lamby)
NB. "appears that" — it was a rather cursory glance from me...
> If you want to look at libqb probably worth double checking this in case
> I got something wrong/confused :-)
Indeed. However, can you add your comments to data/dla-needed.txt or
link to your previous reply in the mailing list archives? That way,
whoever does look at the package does not miss your fine investigatory
work.
Best wishes,
--
,''`.
: :' : Chris Lamb
`. `'` lamby@debian.org 🍥 chris-lamb.co.uk
`-