Hi Brian, > libqb > NOTE: 20190616: Upstream patch does not apply at all, but it appears that > > NOTE: 20190616: package is still vulnerable in ipc_posix_mq.c etc. or > NOTE: 20190616: wherever it uses c->pid w/NAME_MAX. (lamby)
NB. "appears that" — it was a rather cursory glance from me... > If you want to look at libqb probably worth double checking this in case > I got something wrong/confused :-) Indeed. However, can you add your comments to data/dla-needed.txt or link to your previous reply in the mailing list archives? That way, whoever does look at the package does not miss your fine investigatory work. Best wishes, -- ,''`. : :' : Chris Lamb `. `'` la...@debian.org 🍥 chris-lamb.co.uk `-