X-Git-Url: https://git.tokkee.org/?a=blobdiff_plain;f=debian%2Fchangelog;h=792b53ff82961d4afaffc8c5ad238a1ca5f18990;hb=a05b0dcd448b4b2ce3526e3934aa521c602ba199;hp=9fdb411f824e57eb9a519e1b87185d153e59368d;hpb=96d473da965afd39097d8ba6feb4aaa7ed1c3b93;p=pkg-collectd.git

diff --git a/debian/changelog b/debian/changelog
index 9fdb411..792b53f 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,12 @@
+collectd (5.1.0-3+deb7u3) wheezy-security; urgency=high
+
+  * CVE-2017-7401: Fix an endless loop DoS vulnerability in parse_packet().
+    When a correct "Signature part" is received by a Collectd instance
+    configured without the AuthFile option, an endless loop occurs due to a
+    missing pointer increment to the next unprocessed part. (Closes: #859494)
+
+ -- Chris Lamb <lamby@debian.org>  Tue, 04 Apr 2017 16:45:15 +0200
+
 collectd (5.1.0-3+deb7u2) wheezy-security; urgency=high
 
   * debian/patches/bts833013-gcry-init.dpatch: Fix initialization of