* persmule (persm...@gmail.com) wrote: > Package: libengine-pkcs11-openssl > Version: 0.1.8-5 > Severity: grave > Tags: security > Justification: user security hole > > Dear Maintainer, > > Functions in src/engine_pkcs11.c to set static global data (set_module, > set_pin, get_pin and set_init_args) do not free memories pointed by the > corresponding pointers before assigning them to newly allocated > memories, which > may cause memory leaks if they are called more than once. > > The bugs related to set_module, set_pin and get_pin are fixed on > upstream, but > the one of set_init_args is not.
Agreed that these are valid memory leaks but what's the security implication? This doesn't seem obviously exploitable. -- Eric Dorland <e...@kuroneko.ca> 43CF 1228 F726 FD5B 474C E962 C256 FBD5 0022 1E93
signature.asc
Description: PGP signature