![[tokkee]](http://tokkee.org/images/avatar.png){kind=avatar}
| object | f064ae4bed980aba19edc7fbd14e2e5c9406e71c | commit |
| author | Sebastian Harl <sh@tokkee.org> | |
| Fri, 29 Jul 2016 22:11:55 +0000 (00:11 +0200) |
Tagged collectd-5.1.0-3+deb7u1.
collectd (5.1.0-3+deb7u1) wheezy-security; urgency=high
* debian/patches/CVE-2016-6254.dpatch: Fix heap overflow in the network
plugin. Emilien Gaspar has identified a heap overflow in parse_packet(),
the function used by the network plugin to parse incoming network packets.
Thanks to Florian Forster for reporting the bug in Debian.
(Closes: #832507, CVE-2016-6254)
* debian/patches/bts832577-gcry-control.dpatch: Fix improper usage of
gcry_control. A team of security researchers at Columbia University and
the University of Virginia discovered that GCrypt's gcry_control is
sometimes called without checking its return value for an error. This may
cause the program to be initialized without the desired, secure settings.
(Closes: #832577)
-- Sebastian Harl <tokkee@debian.org> Thu, 28 Jul 2016 20:52:12 +0200
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIcBAABAgAGBQJXm9S5AAoJEMwFfnIvH/zHERoP/0bxYQRXFzKX/rUbzTC3k+hb
dHlLQMW1R9Lx+vhu2qnnHPm2MKv44sdnmWfJ8+aetW21D+FZ3zb6nA2fXOd9ddQ0
DCNqYWnwd310mShiXSSBKwtulm4xDBXfI/KkCU+4TSXHSe60e3c9Xmmulr2kZwjd
V4AO2XocCMdroRgaYq5yZggM/iK9F/CXDDPkLKWNa0kuzKoYFE+aMBrv3IZOPSD5
/jPEwVo5BMgHaRHppiS2pobNTwItwixmTD0qHqeQkPf62yCMUJWOwIeRFSpJeaN8
SmiuIMeUfa6ecVKBuahzweDDDrG9ndHxEJzZUV8oUzUc/uNlfgrSIadM+69opbtl
isyn5a7/4JDf6d0HdldNY9iY+VBu0J8xSkESRN3IPFaI4CqWoL3EUB6FRUvnPkKA
C88Awv+/enKLWJZhwkqqkFORZmmzsrXPofvjku0Iu27BILEhHeVcWfM/hvlwtrXw
x0Ue2CTtXsAMnnJEEw+S/AGNl+CkhjDwusLjPDc01grDBf5DSsyDnTUv1fNiXSdK
6GD9+jzqo8vvCT+Ibszk4vxkGaaU9/KtgVDFq5roamHkI32FhsJf11owO+lsAlKM
XiLYoWP1cvXe2h30rnuPvMPdlYOlLvKeE5fniAMOhGTQgpwxHQpiEODTpj+rVYlP
jjDu3HOAHdJEhwPamQpQ
=6EIx
-----END PGP SIGNATURE-----
collectd (5.1.0-3+deb7u1) wheezy-security; urgency=high
* debian/patches/CVE-2016-6254.dpatch: Fix heap overflow in the network
plugin. Emilien Gaspar has identified a heap overflow in parse_packet(),
the function used by the network plugin to parse incoming network packets.
Thanks to Florian Forster for reporting the bug in Debian.
(Closes: #832507, CVE-2016-6254)
* debian/patches/bts832577-gcry-control.dpatch: Fix improper usage of
gcry_control. A team of security researchers at Columbia University and
the University of Virginia discovered that GCrypt's gcry_control is
sometimes called without checking its return value for an error. This may
cause the program to be initialized without the desired, secure settings.
(Closes: #832577)
-- Sebastian Harl <tokkee@debian.org> Thu, 28 Jul 2016 20:52:12 +0200
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIcBAABAgAGBQJXm9S5AAoJEMwFfnIvH/zHERoP/0bxYQRXFzKX/rUbzTC3k+hb
dHlLQMW1R9Lx+vhu2qnnHPm2MKv44sdnmWfJ8+aetW21D+FZ3zb6nA2fXOd9ddQ0
DCNqYWnwd310mShiXSSBKwtulm4xDBXfI/KkCU+4TSXHSe60e3c9Xmmulr2kZwjd
V4AO2XocCMdroRgaYq5yZggM/iK9F/CXDDPkLKWNa0kuzKoYFE+aMBrv3IZOPSD5
/jPEwVo5BMgHaRHppiS2pobNTwItwixmTD0qHqeQkPf62yCMUJWOwIeRFSpJeaN8
SmiuIMeUfa6ecVKBuahzweDDDrG9ndHxEJzZUV8oUzUc/uNlfgrSIadM+69opbtl
isyn5a7/4JDf6d0HdldNY9iY+VBu0J8xSkESRN3IPFaI4CqWoL3EUB6FRUvnPkKA
C88Awv+/enKLWJZhwkqqkFORZmmzsrXPofvjku0Iu27BILEhHeVcWfM/hvlwtrXw
x0Ue2CTtXsAMnnJEEw+S/AGNl+CkhjDwusLjPDc01grDBf5DSsyDnTUv1fNiXSdK
6GD9+jzqo8vvCT+Ibszk4vxkGaaU9/KtgVDFq5roamHkI32FhsJf11owO+lsAlKM
XiLYoWP1cvXe2h30rnuPvMPdlYOlLvKeE5fniAMOhGTQgpwxHQpiEODTpj+rVYlP
jjDu3HOAHdJEhwPamQpQ
=6EIx
-----END PGP SIGNATURE-----