![[tokkee]](http://tokkee.org/images/avatar.png){kind=avatar}
| object | 050b3e76e6dc72e7b1f402709d975ecb3622def3 | commit |
| author | Sebastian Harl <sh@tokkee.org> | |
| Fri, 29 Jul 2016 22:11:20 +0000 (00:11 +0200) |
Tagged collectd-5.4.1-6+deb8u1.
collectd (5.4.1-6+deb8u1) jessie-security; urgency=high
* debian/patches/CVE-2016-6254.dpatch: Fix heap overflow in the network
plugin. Emilien Gaspar has identified a heap overflow in parse_packet(),
the function used by the network plugin to parse incoming network packets.
Thanks to Florian Forster for reporting the bug in Debian.
(Closes: #832507, CVE-2016-6254)
* debian/patches/bts832577-gcry-control.dpatch: Fix improper usage of
gcry_control. A team of security researchers at Columbia University and
the University of Virginia discovered that GCrypt's gcry_control is
sometimes called without checking its return value for an error. This may
cause the program to be initialized without the desired, secure settings.
(Closes: #832577)
-- Sebastian Harl <tokkee@debian.org> Thu, 28 Jul 2016 22:25:08 +0200
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIcBAABAgAGBQJXm9SYAAoJEMwFfnIvH/zHhH8P/jpbHBP3OYQmGUPqdNhuJmn5
tElGj3vyOPQgghoI53RwjlG4aEKQ2tI6DvGYXx6t4cvAMeMbFsP4hqEIK1aq+Sgo
xTWYg93IL3HAvMI+AjQ04I6rjRQE0zIiW2bC1iUonxzRleQ8pZrUeWYNXb7NfIaE
C3VoqCsLOFJEFszol1JkxDbf34xuOwRSFjWR6A7zClcpIh4POsjQPdmYC4G+Whqb
6HQ7LXh6n2C58VP31Dkx5UYSnBS/rUnSiW3HLYJdQ94BBHazh2Uggt4lewa3rjp7
bphRTEF4jCb8vWCVPsz+SFfRGZ/oMz1eLLPowJnakK7c+rwAiwo6k4ViyiULGO50
gwFv/TKq2vyqFAVuJ87XmUohQLd0WFr+yMqB1M4bKEyvXB5lzp48aI2h7FSYELJY
einix8a20/glFln+7uEhI/kLbWLIWM2K0yQPj3+mj5rLkpT+jMfq164/ZMwl0O6v
ocfoHvbQ9XV+PnBeCz2/3SjnC66joTXU2B2HRieRGKl3nhEFA/py2TNBSdC+70ZW
kOKsqcEWwJWJeWHOWQdMp1bb4GT9tRbO7r5AqV9TJV/1ZKzMzZb9VJNE2Zy+MKAh
quq3x5fuAJluike7/vjhwQlH04V2sKKOqXgu0Kev0OE7AwkWGoIcGt1E+vZniXW1
YIpzDK5gR0AM7lf9s1PP
=1it8
-----END PGP SIGNATURE-----
collectd (5.4.1-6+deb8u1) jessie-security; urgency=high
* debian/patches/CVE-2016-6254.dpatch: Fix heap overflow in the network
plugin. Emilien Gaspar has identified a heap overflow in parse_packet(),
the function used by the network plugin to parse incoming network packets.
Thanks to Florian Forster for reporting the bug in Debian.
(Closes: #832507, CVE-2016-6254)
* debian/patches/bts832577-gcry-control.dpatch: Fix improper usage of
gcry_control. A team of security researchers at Columbia University and
the University of Virginia discovered that GCrypt's gcry_control is
sometimes called without checking its return value for an error. This may
cause the program to be initialized without the desired, secure settings.
(Closes: #832577)
-- Sebastian Harl <tokkee@debian.org> Thu, 28 Jul 2016 22:25:08 +0200
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIcBAABAgAGBQJXm9SYAAoJEMwFfnIvH/zHhH8P/jpbHBP3OYQmGUPqdNhuJmn5
tElGj3vyOPQgghoI53RwjlG4aEKQ2tI6DvGYXx6t4cvAMeMbFsP4hqEIK1aq+Sgo
xTWYg93IL3HAvMI+AjQ04I6rjRQE0zIiW2bC1iUonxzRleQ8pZrUeWYNXb7NfIaE
C3VoqCsLOFJEFszol1JkxDbf34xuOwRSFjWR6A7zClcpIh4POsjQPdmYC4G+Whqb
6HQ7LXh6n2C58VP31Dkx5UYSnBS/rUnSiW3HLYJdQ94BBHazh2Uggt4lewa3rjp7
bphRTEF4jCb8vWCVPsz+SFfRGZ/oMz1eLLPowJnakK7c+rwAiwo6k4ViyiULGO50
gwFv/TKq2vyqFAVuJ87XmUohQLd0WFr+yMqB1M4bKEyvXB5lzp48aI2h7FSYELJY
einix8a20/glFln+7uEhI/kLbWLIWM2K0yQPj3+mj5rLkpT+jMfq164/ZMwl0O6v
ocfoHvbQ9XV+PnBeCz2/3SjnC66joTXU2B2HRieRGKl3nhEFA/py2TNBSdC+70ZW
kOKsqcEWwJWJeWHOWQdMp1bb4GT9tRbO7r5AqV9TJV/1ZKzMzZb9VJNE2Zy+MKAh
quq3x5fuAJluike7/vjhwQlH04V2sKKOqXgu0Kev0OE7AwkWGoIcGt1E+vZniXW1
YIpzDK5gR0AM7lf9s1PP
=1it8
-----END PGP SIGNATURE-----