Hey Folks,

Gabe Somlo alerted me to a patch for a suspected bug, relabeled as a
security issue.

[1] http://osdir.com/ml/fedora-package-announce/2016-04/msg00410.html

[2] https://bugzilla.redhat.com/show_bug.cgi?id=1319858
[3] https://bugzilla.redhat.com/show_bug.cgi?id=1319859
[4] https://bugzilla.redhat.com/show_bug.cgi?id=1319860
[5] https://bugzilla.redhat.com/show_bug.cgi?id=1319861

They all stem from this report:
[6] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=818489

which also is repeated here:
[7] http://seclists.org/oss-sec/2016/q2/157

but rejected here:
[8] http://seclists.org/oss-sec/2016/q2/173

When it comes down to it, and since I worry the Debian package has a few
patches that aren't reflected/sent upstream, I'm not sure it's not just
affecting them.

[9] https://sourceforge.net/p/vtun/patches/24/
[10] https://sourceforge.net/p/vtun/bugs/58/

So.  I'd like to get a feel for it.  Are you able to provoke the issue
as mentioned in [6]?  I'm not seeing anything like 'this is the log
messages' or 'this is how I can provoke it', so I'm lost a little here.
 I'd like to confirm it affects Upstream before the patches are bought
in; especially if they can affect host->persist behaviour.

Roland?  Do you have anything on debian's bug tracker there that I'm not
seeing and which can help show what's up?

 - bish
   janitor and fishmonger

Vtun-Users mailing list

Reply via email to