Hey Folks, Gabe Somlo alerted me to a patch for a suspected bug, relabeled as a security issue.
[1] http://osdir.com/ml/fedora-package-announce/2016-04/msg00410.html [2] https://bugzilla.redhat.com/show_bug.cgi?id=1319858 [3] https://bugzilla.redhat.com/show_bug.cgi?id=1319859 [4] https://bugzilla.redhat.com/show_bug.cgi?id=1319860 [5] https://bugzilla.redhat.com/show_bug.cgi?id=1319861 They all stem from this report: [6] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=818489 which also is repeated here: [7] http://seclists.org/oss-sec/2016/q2/157 but rejected here: [8] http://seclists.org/oss-sec/2016/q2/173 When it comes down to it, and since I worry the Debian package has a few patches that aren't reflected/sent upstream, I'm not sure it's not just affecting them. [9] https://sourceforge.net/p/vtun/patches/24/ [10] https://sourceforge.net/p/vtun/bugs/58/ So. I'd like to get a feel for it. Are you able to provoke the issue as mentioned in [6]? I'm not seeing anything like 'this is the log messages' or 'this is how I can provoke it', so I'm lost a little here. I'd like to confirm it affects Upstream before the patches are bought in; especially if they can affect host->persist behaviour. Roland? Do you have anything on debian's bug tracker there that I'm not seeing and which can help show what's up? Thanks - bish janitor and fishmonger ------------------------------------------------------------------------------ _______________________________________________ Vtun-Users mailing list Vtun-Users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/vtun-users
