On 2017-08-15 05:55:49 [+0900], Marc Dequènes (Duck) wrote:
> Quack,
Hi,
> I was at DebConf in Canada, so I was busy meeting people :-).
> It should be done before or after flying back home.
No worries. We got the two CVEs sorted out and a release in the
meantime. I see an unstable upload almost
Quack,
On 08/07/2017 04:22 AM, Sebastian Andrzej Siewior wrote:
> Marc do plan you upload something to unstable/security soon, wait for a
> new release or would you prefer someone else to NMU it with this
> change?
I was at DebConf in Canada, so I was busy meeting people :-).
It should be done
For your information, libmspack 0.6alpha has now been released.
On 06/08/17 20:22, Sebastian Andrzej Siewior wrote:
On 2017-08-06 10:22:11 [+0100], Stuart Caie wrote:
Commited a fix:
https://github.com/kyz/libmspack/commit/17038206fcc384dcee6dd9e3a75f08fd3ddc6a38
I'll put out a release in
On 2017-08-06 10:22:11 [+0100], Stuart Caie wrote:
> Commited a fix:
> https://github.com/kyz/libmspack/commit/17038206fcc384dcee6dd9e3a75f08fd3ddc6a38
>
> I'll put out a release in the near future.
thank you Stuart.
Marc do plan you upload something to unstable/security soon, wait for a
new
On 05/08/17 10:36, Stuart Caie wrote:
libmspack is wrong to convert to unsigned without checking for errors first.
When I get to my computer, I'll check all calls to mspack_system
read/write/seek/tell methods, to be sure this doesn't happen anywhere else.
I checked all the other mspack_system
On 4 Aug 2017 7:40 am, Sebastian Andrzej Siewior
wrote:
>
> The way I see it, the problem is that the read functions returns -1 on
> error and libmspack
> https://sources.debian.net/src/libmspack/0.5-1/mspack/cabd.c/#L524
>
> treats the return code as unsigned
On 2017-07-23 16:52:16 [+0100], Stuart Caie wrote:
> Hello,
Hi Stuart,
> https://github.com/kyz/libmspack/commit/3e3436af6010ac245d7a390c6798e2b81ce09191
> > 2015-05-10 Stuart Caie
> > * cabd_read_string(): correct rejection of empty strings. Thanks to
> > Hanno Böck for
Hello,
I have no more infomation than you do. If you can find out who raised
the issue, please ask them to send me the example of the crafted file,
The bug says "stack-based buffer over-read and application crash" - the
file
Quack,
I added libmspack's upstream author in case he could give a hand.
Here is the bugreport:
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=868956
On 2017-07-20 05:15, Salvatore Bonaccorso wrote:
Unfortunately the upstream bug [1] is locked-down.
Thanks for reporting it.
9 matches
Mail list logo