* Ilkka Virta:
> On 16.12.2013 22:43, Simon Josefsson wrote:
>> Thanks for the report and looking into this issue. Alas the timing
>> here was bad, and I am just returning from vacation and must finish
>> several things before season holidays -- if someone has worked out a
>> patch and can do testing that it works and solves the problem I can
>> review and apply and release it. Ilkka, how much have you tested your
>> patch?
>
> That one was more like a rough sketch... (iow, I didn't)
>
> The attached one seems to work for me:

Simon, is this the proper fix? Should we apply it to the Debian version? Thanks.

Considering that this was reported on a public mailing list (oath-toolkit-help), I'll request a CVE on oss-security.
