Bug#921725: libu2f-host: CVE-2018-20340

2019-02-11 Thread Sébastien Delafond
On Feb/09, Nicolas Braud-Santoni wrote: > Ah, I was bitten in the arse by #884428 again. > The upload to security-master should now be fine :) > > Sorry for accidentally duplicating your work, I didn't realise you had > prepared a backported fix for stable before the issue went public :) Thanks

Bug#921725: libu2f-host: CVE-2018-20340

2019-02-09 Thread Nicolas Braud-Santoni
On Sat, Feb 09, 2019 at 01:54:19PM +0100, Nicolas Braud-Santoni wrote: > On Sat, Feb 09, 2019 at 11:19:47AM +0100, Sébastien Delafond wrote: > > don't forget to use -sa as it will be new there > > OK. My first dput didn't seem to include the orig tarball, even though I > built with

Bug#921725: libu2f-host: CVE-2018-20340

2019-02-09 Thread Nicolas Braud-Santoni
On Sat, Feb 09, 2019 at 11:19:47AM +0100, Sébastien Delafond wrote: > On Feb/08, Nicolas Braud-Santoni wrote: > > I backported the fix and prepared an upload. > > The debdiff is attached, and the commands used to produced it are > > documented below. > > > > May I proceed with an upload to

Bug#921725: libu2f-host: CVE-2018-20340

2019-02-09 Thread Sébastien Delafond
On Feb/08, Nicolas Braud-Santoni wrote: > I backported the fix and prepared an upload. > The debdiff is attached, and the commands used to produced it are documented > below. > > May I proceed with an upload to security-master? It looks OK to me, so if it passes testing on your end please

Bug#921725: libu2f-host: CVE-2018-20340

2019-02-08 Thread Salvatore Bonaccorso
Hi Nicolas, On Fri, Feb 08, 2019 at 08:23:10PM +0100, Nicolas Braud-Santoni wrote: > On Fri, Feb 08, 2019 at 02:08:40PM +0100, Salvatore Bonaccorso wrote: > > Hi, > > > > The following vulnerability was published for libu2f-host. > > > > CVE-2018-20340[0]: > > buffer overflow > > > Hi

Bug#921725: libu2f-host: CVE-2018-20340

2019-02-08 Thread Nicolas Braud-Santoni
Dear security team, On Fri, Feb 08, 2019 at 08:23:10PM +0100, Nicolas Braud-Santoni wrote: > On Fri, Feb 08, 2019 at 02:08:40PM +0100, Salvatore Bonaccorso wrote: > > The following vulnerability was published for libu2f-host. > > > > CVE-2018-20340[0]: > > buffer overflow > > I just uploaded a

Bug#921725: libu2f-host: CVE-2018-20340

2019-02-08 Thread Nicolas Braud-Santoni
On Fri, Feb 08, 2019 at 02:08:40PM +0100, Salvatore Bonaccorso wrote: > Hi, > > The following vulnerability was published for libu2f-host. > > CVE-2018-20340[0]: > buffer overflow Hi Salvatore & Sébastien, Thanks a lot for the swift report(s). :) I just uploaded a fixed version to unstable.

Bug#921725: libu2f-host: CVE-2018-20340

2019-02-08 Thread Salvatore Bonaccorso
Source: libu2f-host Version: 1.1.2-2 Severity: grave Tags: security upstream Control: found -1 1.1.6-1 Hi, The following vulnerability was published for libu2f-host. CVE-2018-20340[0]: buffer overflow If you fix the vulnerability please also make sure to include the CVE (Common