On 2015-03-15 06:42:08 [+0100], Salvatore Bonaccorso wrote:
> On Tue, Feb 17, 2015 at 10:07:06AM +0000, Patrick Coleman wrote:
> > * Remote null pointer dereference
> > A remote user can cause a null pointer dereference by sending a
> > malformed Authorization: header.
> > http://patrick.ld.net.au/libcsoap/nanohttp-nullp-1.patch
>
> For this issue CVE-2015-2297 was assigned.

What do we do here? That bug has been open for slightly over a year with a
security tag and zero activity. We had two patches here which now 404.
popcon goes down and it could have something to do with not being part of
stable. The current binary depends on libssl1.0.0 which has no source, a
binNMU would fix it (just tried, that is why I stumbled over it).

So we fix this? Do we remove it? In case we want to fix, does someone have a
copy of the two patches?

> Regards,
> Salvatore

Sebastian