
Re: libqb / CVE-2019-12779

Hi Brian,

> libqb
>   NOTE: 20190616: Upstream patch does not apply at all, but it appears that     
>   NOTE: 20190616: package is still vulnerable in ipc_posix_mq.c etc. or
>   NOTE: 20190616: wherever it uses c->pid w/NAME_MAX. (lamby)

NB. "appears that" — it was a rather cursory glance from me...

> If you want to look at libqb probably worth double checking this in case
> I got something wrong/confused :-)

Indeed. However, can you add your comments to data/dla-needed.txt or
link to your previous reply in the mailing list archives? That way,
whoever does look at the package does not miss your fine investigatory

Best wishes,

     : :'  :     Chris Lamb
     `. `'`      lamby@debian.org 🍥 chris-lamb.co.uk
