On Wed., 2012-01-18 at 07:47 -0600, Jamie Strandboge wrote:
> Well, Marc from my team developed the patch for 0764 based on the only
> PoC we were given, and we coordinated that fix (as you know). RedHat in
> bug https://bugzilla.redhat.com/show_bug.cgi?id=692909 (see comment #17)
> then fixed the remaining crashes. I was under the impression that they
> had more PoCs, they did more bounds checking in their patch, and they
> actively said all the issues were fixed by their patch. The patches seem
> sane, so I am applying them and will be pushing them out to our stable
> releases this week. 

What puzzled me is that, in the bug report (c23) they seem to say that
the patch (included in the DSA 2388) is enough for 0764 and 155{2,3,4}.

But in the end, the patch that got included was /not/ the patch they
talk about (I missed that). So indeed, I'll prepare a new upload for
Lenny and Squeeze with the final patch.

Regards,
-- 
Yves-Alexis
