The client crashes, I don't think it's a security risk because it's not a double free, just dereferencing free'd memory, and doesn't /usually/ crash because with the original patch, it finds the invalid memory and returns from the function. It's only worth an update because I think that examining memory which has been freed is obviously wrong and I think it can still crash in some cases; it's not a security problem.
-- Crashes when connecting to server that requires STARTTLS https://bugs.launchpad.net/bugs/64372 You received this bug notification because you are a member of Ubuntu Bugs, which is the bug contact for Ubuntu. -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
