On 07/03/2017 11:36 AM, Cyril Brulebois wrote:
> Bas Couwenberg <sebas...@xs4all.nl> (2017-07-01):
>> protozero 1.5.1 in stretch contains a serious bug that was fixed in
>> 1.5.2. The fix has been cherry-picked and I'd like to upload this
>> proposed-update.
>>
>> From the changelog and patch description:
>>
>> "
>>  This fixes a rather embarrassing bug in the equality operator of the
>>  data_view class. The equality operator is actually never used in the
>>  protozero code itself, but users of protozero might use it. This is a
>>  serious bug that could lead to buffer overrun type problems.
>> "
>>
>> The issue was pointed out by the upstream author in:
>>
>>  https://lists.debian.org/debian-gis/2017/07/msg00000.html
> 
> Ah right, \0 characters are fun…
> 
> This looks good to me, but we'll need to wait until 1.5.2-1 has reached
> testing before accepting this from stretch-new; either upload now, and
> ping when it's migrated; or upload when it's migrated, and ping us right
> afterwards.

Ping. protozero (1.5.2-1) migrated to testing today, and protozero
(1.5.1-1+deb9u1) was uploaded a few days ago.

Kind Regards,

Bas

-- 
 GPG Key ID: 4096R/6750F10AE88D4AF1
Fingerprint: 8182 DE41 7056 408D 6146  50D1 6750 F10A E88D 4AF1
