object: 49da0163711068306a628777d12732fa070606af (commit)
author: Sebastian Harl <sh@tokkee.org>
date: Fri, 29 Jul 2016 06:27:01 +0000 (08:27 +0200)

Tagged collectd-5.5.2-1.

collectd (5.5.2-1) unstable; urgency=high

  * New upstream release.
    - Fix heap overflow in the network plugin. Emilien Gaspar has identified a
      heap overflow in parse_packet(), the function used by the network plugin
      to parse incoming network packets. Thanks to Florian Forster for
      reporting the bug in Debian. (Closes: #832507, CVE-2016-6254)
    - Fix improper usage of gcry_control. A team of security researchers at
      Columbia University and the University of Virginia discovered that
      GCrypt's gcry_control is sometimes called without checking its return
      value for an error. This may cause the program to be initialized without
      the desired, secure settings. (Closes: #832577)
  * debian/patches:
    - bts832577-gcry-control.patch: Update for 5.5.2. Mostly part of the new
      upstream release, except for: Don't abort() if gcrypt initialization
      failed.
    - Drop bts823012_librrd8.patch; merged upstream.
  * Rebuild with linux-libc-dev >= 4.6 (now in testing and unstable) to
    accommodate a change to rtnl_link_stats64. Thanks to Gábor Gombás for
    reporting this (Closes: #829634).

 -- Sebastian Harl <tokkee@debian.org>  Fri, 29 Jul 2016 00:02:11 +0200