On Thu, Jul 20, 2017 at 10:27:44AM -0400, Antoine Beaupré wrote:
> Opened an issue upstream, as recommended by the RedHat security
> folks. Also sent a pull request for the fix:
>
> https://github.com/the-tcpdump-group/tcpdump/pull/617

It's likely that this was wasted effort--tcpdump is the token application for afl testing and the upstream team gets lots of reports. The fix probably already exists in the embargoed repository (which I don't have access to). The next security release will include it along with others (see the 4.9.0 changelog to get an idea).

> I'll sit on this one until we get a review from upstream now.

I'm also monitoring the situation, but thanks for your work.

-- 
Romain Francoise <rfranco...@debian.org>
https://people.debian.org/~rfrancoise/