Re: RFS: yubiserver/0.2-2 [RC]
> Changes since the last upload are:
>
> * Fixed buffer overruns.
> * Fixed FTBFS bug in debian/rules file. (Closes: Bug#666357)
> Thanks to Lucas Nussbaum and Anibal Monsalve Salazar
> for their help and for pointing this out.
Hi,
I've just reviewed this package. Since this apparently fixes some
potential security issues (the buffer overruns), could you send a CVE
request message (including a good description of the issues and
including yoru patches) to oss-sec first, and make sure the upstream
developer is aware of the problem also?
In the future, please send your sponsorship requests to the
sponsorship-requests pseudo-package so they don't get lost in the
noise.
Thanks,
Mike
Reply to: