* Andreas Barth: > we have the following debian bug report about an security isuse in > libpam-oath (source oath-toolkit, upstream web page > http://www.nongnu.org/oath-toolkit/ ). > > What is the appropriate process to get an CVE number on it? This issue > is already public, as it is documented in the debian bug tracking > system.
Does this actually have any application impact? Not checking for error on malloc failure is extremely common, and many applications use wrappers such as xmalloc which explicitly terminate the process on malloc failure. -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
