On 2017-08-31 15:08:08, Lars-Johan Liman wrote: > On 8/31/2017 5:54 AM, Lars-Johan Liman wrote: > >> Just curious: is this patch available in the Github repository or does > >> "waiting" mean somewhere else? > > jalt...@secure-endpoints.com: > > Its not in the repository. > > Ack. Thanks. > > Cheers, > /Liman
For anyone interested I saw Debian Security Advisory DSA-4055-1 (relating to newly published CVE-2017-17439) which is regarding the problem discussed in this thread. This made me look in the repo and the upstream fix is now public: https://github.com/heimdal/heimdal/commit/1a6a6e462dc2ac6111f9e02c6852ddec4849b887 Here is an issue with additional information: https://github.com/heimdal/heimdal/issues/353 -- Patrik Lundin