Re: RFS: yubiserver/0.2-2 [RC]
On Sun, May 6, 2012 at 5:17 PM, Michael Gilbert
<michael.s.gilbert@gmail.com> wrote:
>> Changes since the last upload are:
>>
>> * Fixed buffer overruns.
>> * Fixed FTBFS bug in debian/rules file. (Closes: Bug#666357)
>> Thanks to Lucas Nussbaum and Anibal Monsalve Salazar
>> for their help and for pointing this out.
>
> Hi,
>
> I've just reviewed this package. Since this apparently fixes some
> potential security issues (the buffer overruns), could you send a CVE
> request message (including a good description of the issues and
> including your patches) to oss-sec first, and make sure the upstream
> developer is aware of the problem also?
Info on oss-sec here:
http://oss-security.openwall.org/wiki/mailing-lists/oss-security
Best wishes,
Mike