Bug#936007: stretch-pu: package libu2f-host/1.1.2-2+deb9u1
Control: tags -1 + confirmed
On Thu, 2019-08-29 at 00:04 +0200, Nicolas Braud-Santoni wrote:
> I would like to backport the fix for CVE-2019-9578 in the next point
> release
> for stretch. Please find enclosed the proposed debdiff.
++ /* the response has to be atleast 17 bytes, if it's more we discard that */
++ if (resplen < 17)
"at least" - it's two words. Also the first half of the comment and the
code itself imply that "more" should be "less".
Please go ahead.
Regards,
Adam
Reply to: