[Pkg-auth-maintainers] Bug#906128: libykpiv1 impacted by CVE-2018-14779 and CVE-2018-14780
Nicolas Braud-Santoni
nicolas at braud-santoni.eu
Wed Aug 15 00:30:10 BST 2018
Hi Salvatore,
On Tue, Aug 14, 2018 at 09:55:39PM +0200, Salvatore Bonaccorso wrote:
> On Tue, Aug 14, 2018 at 08:36:10PM +0200, Nicolas Braud-Santoni wrote:
> > Hi,
> >
> > Gunnar Wolf sponsored the upload to sid (thanks!) and I just prepared an
> > upload for stretch-security. It is available in the branch debian/stretch on:
> >
> > https://salsa.debian.org/auth-team/yubico-piv-tool.git
> >
> > If the security team finds it suitable, please upload directly.
>
> The issue does not warrant a DSA (was marked no-dsa in the tracker
> already). Can you though propose a fix to be included in the next
> stretch point release?
Yes, jcristau pointed out on IRC that there was a race condition between my mail
and the update of the security-tracker; I updated the changelog for an upload
to stretch-p-u, and jcc@ said he will look at it tomorrow.
Thanks for the swift reply :)
Best,
nicoo
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: not available
URL: <http://alioth-lists.debian.net/pipermail/pkg-auth-maintainers/attachments/20180815/6d6e0171/attachment.sig>
More information about the Pkg-auth-maintainers
mailing list