Hi Salvatore, This is the second time you /saved/ me (sorry for my limited Spanish) :)
On Mon, Oct 16, 2017 at 7:12 PM, Salvatore Bonaccorso <car...@debian.org> wrote: > Hello Mathieu, > > On Mon, Oct 16, 2017 at 06:12:30PM +0200, Mathieu Malaterre wrote: >> Control: severity -1 important >> >> While I understand the this generic heap based buffer overflow ought >> to be fixed in Debian stable, I fail to see why it is marked as >> affecting stretch. > [...] > > > In my initial report I wrote: "The issue is covered by [3], so trying > to reproduce the issue leads to an assertion failure up to the version > in sid instead." > > My point was, yes if you try to reproduce with current version you > will reach the assertion, because it's yet covered by the missing > commit 4241ae6fbbf1de9658764a80944dc8108f2b4154. Applying that as well > shows the underlying issue. Indeed I missed your carefully written bug report(s). Can't believe I could not use one of those fancy AI to figure out the whitespace/indent changes to merge those original commits. Anyway I've manually fixed all those. Pushed +deb9u2 a moment ago. Thanks again for your bug report(s) they contained all the details needed. -M