Bug#780139: CVE-2015-0885

2015-03-13 Thread Salvatore Bonaccorso
Hi

The following can be done to verify the issue:

Install both qmail and checkpw.

# qmail-popup sid /usr/bin/checkpw id
+OK <20138.1426255113@sid>
user foo--bar
+OK
pass foobar

now checkpw on the host will enter an infinite loop consuming cpu resources.

Regards,
Salvatore

Bug#780139: CVE-2015-0885

2015-03-09 Thread Moritz Muehlenhoff
Package: checkpw
Severity: grave
Tags: security

Hi Gerrit,
please see https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0885

(feel free to lower the severity, I don't know checkpw myself)

I'm attaching a cleaned-up diff between the 1.03 and 1.02 releases.

Cheers,
Moritz

diff -Naur