Bug#860960: capnproto: CVE-2017-7892

2017-04-25 Thread Salvatore Bonaccorso
Hi Tom,

On Tue, Apr 25, 2017 at 12:12:11AM -0700, Tom Lee wrote:
> Salvatore,
>
> Assuming you raised this on behalf of the security team (and per
> https://www.debian.org/intro/organization#security I'm assuming you are):
>
> For a moment I thought it might be worth applying upstream's patch

Bug#860960: capnproto: CVE-2017-7892

2017-04-25 Thread Tom Lee
Salvatore,

Assuming you raised this on behalf of the security team (and per https://www.debian.org/intro/organization#security I'm assuming you are):

For a moment I thought it might be worth applying upstream's patch as a precaution & requesting an unblock, but it really seems like it's just a

Bug#860960: capnproto: CVE-2017-7892

2017-04-22 Thread Tom Lee
Thanks for the reminder Salvatore -- I'll get this sorted out.

On Sat, Apr 22, 2017 at 10:43 AM, Salvatore Bonaccorso wrote:
> Source: capnproto
> Version: 0.5.3-2
> Severity: minor
> Tags: upstream security fixed-upstream
>
> Hi,
>
> the following vulnerability was published

Bug#860960: capnproto: CVE-2017-7892

2017-04-22 Thread Salvatore Bonaccorso
Source: capnproto
Version: 0.5.3-2
Severity: minor
Tags: upstream security fixed-upstream

Hi,

the following vulnerability was published for capnproto.

CVE-2017-7892[0]:
| Sandstorm Cap'n Proto before 0.5.3.1 allows remote crashes related to a
| compiler optimization. A remote attacker can