On Sun, May 6, 2012 at 5:17 PM, Michael Gilbert <michael.s.gilb...@gmail.com> wrote:
>> Changes since the last upload are:
>>
>>  * Fixed buffer overruns.
>>  * Fixed FTBFS bug in debian/rules file. (Closes: Bug#666357)
>>    Thanks to Lucas Nussbaum and Anibal Monsalve Salazar
>>    for their help and for pointing this out.
>
> Hi,
>
> I've just reviewed this package. Since this apparently fixes some
> potential security issues (the buffer overruns), could you send a CVE
> request message (including a good description of the issues and
> including your patches) to oss-sec first, and make sure the upstream
> developer is aware of the problem also?

Info on oss-sec here:
http://oss-security.openwall.org/wiki/mailing-lists/oss-security

Best wishes,
Mike