On 12/06/2017 09:34 PM, Salvatore Bonaccorso wrote: > Hi Thomas, > > CVE-2017-17051 was not fixed afaics, only the regression which was > introduced by OSSA-2017-005. > > See http://www.openwall.com/lists/oss-security/2017/12/05/5 for > CVE-2017-17051. > > Could you relook? > > Regards, > Salvatore
Hi Salvatore, Indeed, I misunderstood how upstream fixed the problem, and failed to see that there was 2 patches, the announces were indeed a bit confusing. Thanks a lot for finding this out, and ensuring that I did the proper fix. I'll try to push upstream to make a new release of Nova, so that we've got better assurance all issues are addressed. I've already applied upstream patch, the package is building, and I will upload it shortly to Sid. Cheers, Thomas Goirand (zigo)