[Bug 928328] New: VUL-1: libnettle: off-by-one in the test suite
http://bugzilla.suse.com/show_bug.cgi?id=928328 Bug ID: 928328 Summary: VUL-1: libnettle: off-by-one in the test suite Classification: openSUSE Product: openSUSE Factory Version: 201503* Hardware: Other OS: Other Status: NEW Severity: Minor Priority: P5 - None Component: Security Assignee: security-team@suse.de Reporter: vpereira@novell.com QA Contact: qa-bugs@suse.de Found By: --- Blocker: --- Address Sanitizer found a problem in the des-compat-test.c the line: for (i=0; i<(NUM_TESTS-1); i++) should be: for (i=0; i<(NUM_TESTS-2); i++) we found a simila problem, in the 13.2, however in Factory it was already fixed. -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.suse.com/show_bug.cgi?id=928328
--- Comment #3 from Marcus Meissner
http://bugzilla.suse.com/show_bug.cgi?id=928328
Andreas Stieger
did you send it upstream already?
Thomas, could you send this upstream? -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.suse.com/show_bug.cgi?id=928328
Andreas Stieger
http://bugzilla.suse.com/show_bug.cgi?id=928328
--- Comment #5 from Tomáš Chvátal
http://bugzilla.suse.com/show_bug.cgi?id=928328
--- Comment #6 from Andreas Stieger
Sent mail here: https://lists.lysator.liu.se/mailman/listinfo/nettle-bugs
http://lists.lysator.liu.se/pipermail/nettle-bugs/2015/003388.html No reply as of writing. -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.suse.com/show_bug.cgi?id=928328
http://bugzilla.suse.com/show_bug.cgi?id=928328#c7
--- Comment #7 from Tomáš Chvátal
http://bugzilla.suse.com/show_bug.cgi?id=928328
http://bugzilla.suse.com/show_bug.cgi?id=928328#c8
--- Comment #8 from Tomáš Chvátal
http://bugzilla.suse.com/show_bug.cgi?id=928328
http://bugzilla.suse.com/show_bug.cgi?id=928328#c9
Andreas Stieger
What distros would you like to have this fixed on? Or can this be closed? (As it is reported against factory).
This package is in SLE12. However the code is in the test suite which is not run in the productive package. SLE 12 is therefore not affected. The issue can be closed as it was upstreamed and the next Factory release will contain it. No update required as far as I can see. -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.suse.com/show_bug.cgi?id=928328
Swamp Workflow Management
http://bugzilla.suse.com/show_bug.cgi?id=928328
http://bugzilla.suse.com/show_bug.cgi?id=928328#c10
--- Comment #10 from Swamp Workflow Management
participants (1)
-
bugzilla_noreply@novell.com