Re: [SRM] netkit-telnet-ssl buffer overflow

2014-07-13 Thread Adam D. Barratt
On Sun, 2014-07-13 at 21:13 +0100, Ian Beckwith wrote: > On Sun, Jun 22, 2014 at 05:10:38PM +0100, Adam D. Barratt wrote: > > Please feel free to go ahead with an upload containing that patch. The > > package should be versioned as 0.17.24+0.1-23+deb7u1, use "wheezy" as > > the changelog distributi

Re: [SRM] netkit-telnet-ssl buffer overflow

2014-07-13 Thread Ian Beckwith
Hi, On Sun, Jun 22, 2014 at 05:10:38PM +0100, Adam D. Barratt wrote: > Please feel free to go ahead with an upload containing that patch. The > package should be versioned as 0.17.24+0.1-23+deb7u1, use "wheezy" as > the changelog distribution and be built on a wheezy system or in a > suitable chro

Re: [SRM] netkit-telnet-ssl buffer overflow

2014-06-22 Thread Adam D. Barratt
Hi, Apologies for the delay in getting back to you. For future reference, such requests are much easier for us to track, and less likely to fall between the cracks, if filed as appropriately usertagged bugs (e.g. via "reportbug release.debian.org"). On Sun, 2014-03-09 at 18:21 +, Ian Beckwit

[SRM] netkit-telnet-ssl buffer overflow

2014-03-09 Thread Ian Beckwith
Hi, The security team forwarded a buffer overflow bug in netkit-telnet-ssl to me. The bug turned out not to be exploitable, it just causes a segfault, but they recommended I contact the SRMs to include it in a stable update. The fixed version, 0.17.24+0.1-24, is in testing. The diff from -23 con