Multiple remotely-triggerable crashes in libpurple

Daniel Atallah daniel.atallah at gmail.com
Thu Oct 14 17:37:50 EDT 2010


On Thu, Oct 14, 2010 at 07:59, Jan Lieskovsky <jlieskov at redhat.com> wrote:
>>>  Are there any reproducer / proof of concept files, which could be used
>>> for
>>> patch work verification and updated packages testing purposes?
>>>
>>>  If they are available, would you be willing to privately [1] share
>>> them with us?
>>>
>>> [1] http://www.redhat.com/security/team/key/
>>
>> I, unfortunately, did not test the patch.  I have not been involved much
>> with
>> our development lately due to my regular job.  This is an excellent
>> question for
>> Daniel.
>
> Is Daniel on this list too? Or should we contact him?

Yes I am.  Sorry for the delayed response.

I don't have any test cases.  It didn't seem worth the (non-trivial)
effort to write up test cases for each of these scenarios;  I think
that both the problem and the solution are pretty straightforward.

If there are any specific questions about the vulnerability or the
fix, I'll do my best to answer them.

Thanks,
-D



More information about the Packagers mailing list