Control: tags -1 + pending On Wed, 2016-05-25 at 06:59 +0200, Salvatore Bonaccorso wrote: > Hi, > > On Tue, May 24, 2016 at 09:41:48PM +0100, Adam D. Barratt wrote: > > Control: tags -1 + confirmed > > > > On Mon, 2016-05-16 at 17:30 +0200, Salvatore Bonaccorso wrote: > > > libksba in jessie is affected by some CVEs which do not neccessarly > > > seem to need a DSA. I would like to propose the attached > > > debdiff/update for libksba via the next jessie point release. > > > > > > Would you accept that upload? I took the git commits without > > > modifying, thus the first patch as well updates the copyright years > > > notice in one file. I can drop that if you prefer. > > > > > > The "Fix an OOB read access in _ksba_dn_to_str" patch is an addition > > > to CVE-2016-4356 required. If we do not apply that one libskba will be > > > affected by CVE-2016-4574. > > > > Please go ahead. > > Thank you Adam; uploaded.
Flagged for acceptance, thanks. Regards, Adam
