Re: RFS: yubiserver/0.2-2 [RC]

To: Debian Mentors <debian-mentors@lists.debian.org>
Subject: Re: RFS: yubiserver/0.2-2 [RC]
From: Michael Gilbert <michael.s.gilbert@gmail.com>
Date: Sun, 6 May 2012 17:17:28 -0400
Message-id: <[🔎] CANTw=MO5pyhYSquKav19RuUq141qEq3kfQoeEUoVR_0Lx3rKwQ@mail.gmail.com>
In-reply-to: <20120428082220.GB5462@dinofilaria.home>
References: <20120428082220.GB5462@dinofilaria.home>

> Changes since the last upload are:
>
> * Fixed buffer overruns.
> * Fixed FTBFS bug in debian/rules file. (Closes: Bug#666357)
>  Thanks to Lucas Nussbaum and Anibal Monsalve Salazar
>  for their help and for pointing this out.

Hi,

I've just reviewed this package.  Since this apparently fixes some
potential security issues (the buffer overruns), could you send a CVE
request message (including a good description of the issues and
including yoru patches) to oss-sec first, and make sure the upstream
developer is aware of the problem also?

In the future, please send your sponsorship requests to the
sponsorship-requests pseudo-package so they don't get lost in the
noise.

Thanks,
Mike

Reply to:

Follow-Ups:
- Re: RFS: yubiserver/0.2-2 [RC]
  - From: Michael Gilbert <mgilbert@debian.org>

Prev by Date: Bug#671701: RFS: autofs/5.0.6-1 [ITA] -- kernel-based automounter for Linux
Next by Date: Re: RFS: yubiserver/0.2-2 [RC]
Previous by thread: Bug#671755: marked as done (RFS: php-benchmark/1.2.9-1)
Next by thread: Re: RFS: yubiserver/0.2-2 [RC]
Index(es):
- Date
- Thread