
Re: RFS: yubiserver/0.2-2 [RC]



On Sun, May 6, 2012 at 5:17 PM, Michael Gilbert
<michael.s.gilbert@gmail.com> wrote:
>> Changes since the last upload are:
>>
>> * Fixed buffer overruns.
>> * Fixed FTBFS bug in debian/rules file. (Closes: Bug#666357)
>>  Thanks to Lucas Nussbaum and Anibal Monsalve Salazar
>>  for their help and for pointing this out.
>
> Hi,
>
> I've just reviewed this package.  Since this apparently fixes some
> potential security issues (the buffer overruns), could you send a CVE
> request message (including a good description of the issues and
> including your patches) to oss-sec first, and make sure the upstream
> developer is aware of the problem also?

Info on oss-sec here:
http://oss-security.openwall.org/wiki/mailing-lists/oss-security

Best wishes,
Mike

