Thanks, Peter. I've got it. I think that patch should be ok; might be nice to get it into Fedora and test it out if nothing else. The patch only addresses CVE-2011-0523 (the first issue) from what I can tell, and not the buffer overflow in nmea device handling. Has that been discussed upstream at all?
I still see no activity in the upstream git -- do we know if this patch will land there?
Thanks, Peter. I've got it. I think that patch should be ok; might be nice to get it into Fedora and test it out if nothing else. The patch only addresses CVE-2011-0523 (the first issue) from what I can tell, and not the buffer overflow in nmea device handling. Has that been discussed upstream at all?
I still see no activity in the upstream git -- do we know if this patch will land there?