[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#936007: stretch-pu: package libu2f-host/1.1.2-2+deb9u1



Control: tags -1 + confirmed

On Thu, 2019-08-29 at 00:04 +0200, Nicolas Braud-Santoni wrote:
> I would like to backport the fix for CVE-2019-9578 in the next point
> release
> for stretch.  Please find enclosed the proposed debdiff.

++      /* the response has to be atleast 17 bytes, if it's more we discard that */
++      if (resplen < 17)

"at least" - it's two words. Also the first half of the comment and the
code itself imply that "more" should be "less".

Please go ahead.

Regards,

Adam


Reply to: