On Sat, Nov 17, 2012 at 03:00:04PM +0100, Yves-Alexis Perez wrote: > On sam., 2012-11-17 at 11:30 +0100, Pierre Chifflier wrote: > > Hi Security Team, > > > > I'm forwarding this email to ask for review on the correction for > > CVE-2012-0698 in stable (other versions are not affected). > > > Hey, > > is the fixed package robust against the python script and did you test > if it didn't break anything?
Hi, I've basically tested the package (running tpm_info), so far it seems ok. The server does not crash anymore on the python script. > > This comment (https://bugzilla.redhat.com/show_bug.cgi?id=781648#c12) > from the redhat bug is a bit concerning, although I'm not sure to what > it's referring too. > That is the upstream fix I have included. I think the comments is related to the fact that, while it does fix the crash from the python script, there may be concerns from other possible functions affected by the same problem. None seems to have happened since this fix, so I think it's ok to include it in stable, and testing/sid have newer versions. Regards, Pierre
signature.asc
Description: Digital signature