Comment 16 for bug 1666884

Leonidas S. Barbosa (leosilvab) wrote :

Hi Oliver,

Thanks for the comments...

For trusty I did an update applying:

From 0eab0e46f4828839a7f7e46e48fc33167377ec0d Mon Sep 17 00:00:00 2001
From: Oliver Giles <email address hidden>
Date: Wed, 30 May 2018 09:06:02 +0300
Subject: [PATCH] Fix length-check before populating propnames

The earlier length check did not check enough bytes. But rather
than fixing the off-by-one, it makes more sense to do a single
check at the start of the loop.

Resolves CVE-2017-9058.

However, the second piece of the code/patch wasn't applied to trusty because it doesn't have ytnefprint. I'm not sure if I got it right, but do you mean that even for Trusty this patch alone doesn't solve the issue?

@Michael, I agree with you, but right now for bionic and xenial this package is in universe, which means it's a community question of time until it is updated with those CVEs.