On Tue, 29 Apr 2014, Liu DongMiao wrote: > After checking the patch, I found the it's CVE-2013-6466.patch, it > removes the compatible code for mac os x and ios, which use a bad > draft. Now, I have fixed this, and test on mac os x and ios. However, > I didn't test on other platform, such as linux, windows.
Did you test to make sure you did not reintroduce CVE-2013-6466? While your patch is simple, the patch that fixed CVE-2013-6466 is not and touched a lot of code. It was not immediately obvious -- at least to me -- that reenabling the compatibiliy code will still work well after the changes done to fix CVE-2013-6466. -- "One disk to rule them all, One disk to find them. One disk to bring them all and in the darkness grind them. In the Land of Redmond where the shadows lie." -- The Silicon Valley Tarot Henrique Holschuh -- To UNSUBSCRIBE, email to [email protected] with a subject of "unsubscribe". Trouble? Contact [email protected] Archive: https://lists.debian.org/[email protected]
