From: Sebastian Harl Date: Thu, 28 Jul 2016 20:25:54 +0000 (+0200) Subject: Add changelog entry for jessie-security (5.4.1-6+deb8u1). X-Git-Tag: collectd-5.5.2-1~5^2~1 X-Git-Url: https://git.tokkee.org/?a=commitdiff_plain;h=efd282b994758371aad32a9138ad18fc7d7c3fb0;p=pkg-collectd.git Add changelog entry for jessie-security (5.4.1-6+deb8u1). --- diff --git a/debian/changelog b/debian/changelog index 031793a..b8c5fe9 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,19 @@ +collectd (5.4.1-6+deb8u1) jessie-security; urgency=medium + + * debian/patches/CVE-2016-6254.dpatch: Fix heap overflow in the network + plugin. Emilien Gaspar has identified a heap overflow in parse_packet(), + the function used by the network plugin to parse incoming network packets. + Thanks to Florian Forster for reporting the bug in Debian. + (Closes: #832507, CVE-2016-6254) + * debian/patches/bts832577-gcry-control.dpatch: Fix improper usage of + gcry_control. A team of security researchers at Columbia University and + the University of Virginia discovered that GCrypt's gcry_control is + sometimes called without checking its return value for an error. This may + cause the program to be initialized without the desired, secure settings. + (Closes: #832577) + + -- Sebastian Harl Thu, 28 Jul 2016 22:25:08 +0200 + collectd (5.4.1-6) unstable; urgency=medium * debian/patches: