Hi Simon, On Wed, Feb 12, 2014 at 02:32:47PM +0100, Simon Josefsson wrote: > I have reviewed the patch and added a regression test now, thanks Bas > and Ilkka for information. Florian, did you get a CVE number yet? If I > get the number, I'll mention it in the NEWS file for the upcoming v2.4.1 > bugfix release. > > Current fix is in git: > http://git.savannah.gnu.org/cgit/oath-toolkit.git/commit/?h=oath-toolkit-2-4-x&id=a31a1eef2dac134d397f3351206206c4b2bb5bfa
Yes there is one: See https://security-tracker.debian.org/tracker/CVE-2013-7322 and http://bugs.debian.org/738515. Regards, Salvatore
