[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: cracklib: Fix buffer overflow
From: |
Ludovic Courtès |
Subject: |
Re: cracklib: Fix buffer overflow |
Date: |
Tue, 10 Jan 2017 22:44:29 +0100 |
User-agent: |
Gnus/5.13 (Gnus v5.13) Emacs/25.1 (gnu/linux) |
Leo Famulari <address@hidden> skribis:
> On Thu, Sep 15, 2016 at 11:36:46AM -0400, Leo Famulari wrote:
>> This patch cherry-picks an upstream commit to fix a buffer overflow in
>> cracklib. Please see the patch file for more information about the bug.
>
>> From 62f8f1763ba1766e92e8dc05686bd9353eaf2ad5 Mon Sep 17 00:00:00 2001
>> From: Leo Famulari <address@hidden>
>> Date: Thu, 15 Sep 2016 11:34:49 -0400
>> Subject: [PATCH] gnu: cracklib: Fix buffer overflow.
>>
>> * gnu/packages/patches/cracklib-fix-buffer-overflow.patch: New file.
>> * gnu/local.mk (dist_patch_DATA): Add it.
>> * gnu/packages/password-utils.scm (cracklib)[source]: Use it.
>
> I forgot about this patch.
>
> Debian applied it:
> https://anonscm.debian.org/cgit/pkg-cracklib/pkg-cracklib.git/tree/debian/patches/overflow-processing-long-words.patch
>
> I'll push it today if I hear no objections.
Sounds good, thanks for the heads-up.
Ludo’.