On Fri, Jun 19, 2015 at 02:07:10PM +0200, Guido Günther wrote:
> Hi,
> On Tue, Jun 16, 2015 at 06:26:31AM +0200, Salvatore Bonaccorso wrote:
> > Hi,
> >
> > A second CVE was assigned for a further issue:
> >
> > http://www.openwall.com/lists/oss-security/2015/06/16/4
> > (CVE-2015-4588).
>
> Attached debdiff fixes the two CVEs on squeeze-lts. Since sid,jessie and
> wheezy ship basically the same versions it should easily apply there as
> well.
>
> With the patches applied I couldn't reproduce the crashes anymore as
> descibed at:
>
> http://seclists.org/oss-sec/2015/q2/597
>
> I'd appreciate any comments / reviews before releasing the DLA.
I started to work on that for wheezy/jessie (but haven't build those
yet). I can double-check against my patches on the weekend and get
back to you.
Cheers,
Moritz
--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
