On Sun, May 6, 2012 at 5:17 PM, Michael Gilbert <[email protected]> wrote:
>> Changes since the last upload are:
>>
>> * Fixed buffer overruns.
>> * Fixed FTBFS bug in debian/rules file. (Closes: Bug#666357)
>>   Thanks to Lucas Nussbaum and Anibal Monsalve Salazar
>>   for their help and for pointing this out.
>
> Hi,
>
> I've just reviewed this package. Since this apparently fixes some
> potential security issues (the buffer overruns), could you send a CVE
> request message (including a good description of the issues and
> including your patches) to oss-sec first, and make sure the upstream
> developer is aware of the problem also?

Info on oss-sec here:
http://oss-security.openwall.org/wiki/mailing-lists/oss-security

Best wishes,
Mike

