You wrote:

> * Ilkka Virta:
>
> > On 16.12.2013 22:43, Simon Josefsson wrote:
> >> Thanks for the report and looking into this issue. Alas the timing
> >> here was bad, and I am just returning from vacation and must finish
> >> several things before season holidays -- if someone has worked out
> >> a patch and can do testing that it works and solves the problem I
> >> can review and apply and release it. Ilkka, how much have you
> >> tested your patch?
> >
> > That one was more like a rough sketch... (iow, I didn't)
> >
> > The attached one seems to work for me:
>
> Simon, is this the proper fix? Should we apply it to the Debian
> version? Thanks.

I think it looked fine but I haven't fully analyzed it -- any chance
someone could come up with a brief description of how to reproduce the
problem exactly? Then I could add that recipe as a self-test in the
package, apply the fix, and if that silences the self-test, I'm happy.

> Considering that this was reported on a public mailing list
> (oath-toolkit-help), I'll request a CVE on oss-security.

Thank you.

/Simon
