Hi Thomas, On Thu, Dec 07, 2017 at 09:45:01AM +0100, Thomas Goirand wrote: > On 12/06/2017 09:34 PM, Salvatore Bonaccorso wrote: > > Hi Thomas, > > > > CVE-2017-17051 was not fixed afaics, only the regression which was > > introduced by OSSA-2017-005. > > > > See http://www.openwall.com/lists/oss-security/2017/12/05/5 for > > CVE-2017-17051. > > > > Could you relook? > > > > Regards, > > Salvatore > > Hi Salvatore, > > Indeed, I misunderstood how upstream fixed the problem, and failed to > see that there was 2 patches, the announces were indeed a bit confusing. > Thanks a lot for finding this out, and ensuring that I did the proper > fix. I'll try to push upstream to make a new release of Nova, so that > we've got better assurance all issues are addressed. > > I've already applied upstream patch, the package is building, and I will > upload it shortly to Sid.
Thank you! I have updated the security-tracker recording the fixed version. Regards, Salvatore
