[Pkg-auth-maintainers] Bug#906128: libykpiv1 impacted by CVE-2018-14779 and CVE-2018-14780
Moritz Mühlenhoff
jmm at inutil.org
Wed Aug 15 07:49:36 BST 2018
On Wed, Aug 15, 2018 at 01:30:10AM +0200, Nicolas Braud-Santoni wrote:
> Hi Salvatore,
>
> On Tue, Aug 14, 2018 at 09:55:39PM +0200, Salvatore Bonaccorso wrote:
> > On Tue, Aug 14, 2018 at 08:36:10PM +0200, Nicolas Braud-Santoni wrote:
> > > Hi,
> > >
> > > Gunnar Wolf sponsored the upload to sid (thanks!) and I just prepared an
> > > upload for stretch-security. It is available in the branch debian/stretch on:
> > >
> > > https://salsa.debian.org/auth-team/yubico-piv-tool.git
> > >
> > > If the security team finds it suitable, please upload directly.
> >
> > The issue does not warrant a DSA (was marked no-dsa in the tracker
> > already). Can you though propose a fix to be included in the next
> > stretch point release?
>
> Yes, jcristau pointed out on IRC that there was a race condition between my mail
> and the update of the security-tracker; I updated the changelog for an upload
> to stretch-p-u, and jcc@ said he will look at it tomorrow.
>
> Thanks for the swift reply :)
Ack! Thanks for your swift reaction as well :-)
Cheers,
Moritz
More information about the Pkg-auth-maintainers
mailing list