Bug#936007: stretch-pu: package libu2f-host/1.1.2-2+deb9u1

To: Nicolas Braud-Santoni <nicoo@debian.org>, 936007@bugs.debian.org
Subject: Bug#936007: stretch-pu: package libu2f-host/1.1.2-2+deb9u1
From: "Adam D. Barratt" <adam@adam-barratt.org.uk>
Date: Thu, 29 Aug 2019 22:28:33 +0100
Message-id: <[🔎] 03cf0c47aac858548b53452ee7c31336a65b7778.camel@adam-barratt.org.uk>
Reply-to: "Adam D. Barratt" <adam@adam-barratt.org.uk>, 936007@bugs.debian.org
In-reply-to: <[🔎] 156702987695.24503.16806397952022451929.reportbug@neon.citronna.de>
References: <[🔎] 156702987695.24503.16806397952022451929.reportbug@neon.citronna.de> <[🔎] 156702987695.24503.16806397952022451929.reportbug@neon.citronna.de>

Control: tags -1 + confirmed

On Thu, 2019-08-29 at 00:04 +0200, Nicolas Braud-Santoni wrote:
> I would like to backport the fix for CVE-2019-9578 in the next point
> release
> for stretch.  Please find enclosed the proposed debdiff.

++      /* the response has to be atleast 17 bytes, if it's more we discard that */
++      if (resplen < 17)

"at least" - it's two words. Also the first half of the comment and the
code itself imply that "more" should be "less".

Please go ahead.

Regards,

Adam

Reply to:

Follow-Ups:
- Bug#936007: stretch-pu: package libu2f-host/1.1.2-2+deb9u1
  - From: Nicolas Braud-Santoni <nicoo@debian.org>

References:
- Bug#936007: stretch-pu: package libu2f-host/1.1.2-2+deb9u1
  - From: Nicolas Braud-Santoni <nicoo@debian.org>

Prev by Date: Processed: Re: Bug#935976: stretch-pu: package node-ws/1.1.0+ds1.e6ddaae4-3+deb9u1
Next by Date: Bug#935308: messed up regex
Previous by thread: Processed: Re: Bug#936007: stretch-pu: package libu2f-host/1.1.2-2+deb9u1
Next by thread: Bug#936007: stretch-pu: package libu2f-host/1.1.2-2+deb9u1
Index(es):
- Date
- Thread