Alon Levy <al...@redhat.com> writes: > On Mon, Nov 28, 2011 at 08:27:37PM +0100, Markus Armbruster wrote: >> ATR size exceeding the limit is diagnosed, but then we merrily use it >> anyway, overrunning card->atr[]. >> >> The message is read from a character device. Obvious security >> implications unless the other end of the character device is trusted. >> >> Spotted by Coverity. CVE-2011-4111. >> > > Anthony, do you want me to do a pull request for this or can you merge > it as is?
It's already in, commit 7e62255a.