On Thu, Nov 1, 2012 at 3:09 PM, Jean-Michel Vourgère wrote: > mcrypt (2.6.8-1.3) unstable; urgency=medium > . > * Non-maintainer upload. > * CVE-2012-4527: stack-based buffer overflow by encryption / decryption of > overly long file names (Closes: #690924) I've reviewed this and it looks mostly good. However, can you explain why you chose ERRWIDTH=PATH_MAX+1024 vs. the redhat patch WIDTH=80? Best wishes, Mike