diff --git a/debian/changelog b/debian/changelog
index 5af677953280a0787cdbbd7e3945573f78fce93f..34d83ac4bbf5b4f409be3cee30b5668902adec7d 100644 (file)
--- a/debian/changelog
+++ b/debian/changelog
-collectd (5.4.1-6) UNRELEASED; urgency=medium
+collectd (5.4.1-6+deb8u1) jessie-security; urgency=high
+
+ * debian/patches/CVE-2016-6254.dpatch: Fix heap overflow in the network
+ plugin. Emilien Gaspar has identified a heap overflow in parse_packet(),
+ the function used by the network plugin to parse incoming network packets.
+ Thanks to Florian Forster for reporting the bug in Debian.
+ (Closes: #832507, CVE-2016-6254)
+ * debian/patches/bts832577-gcry-control.dpatch: Fix improper usage of
+ gcry_control. A team of security researchers at Columbia University and
+ the University of Virginia discovered that GCrypt's gcry_control is
+ sometimes called without checking its return value for an error. This may
+ cause the program to be initialized without the desired, secure settings.
+ (Closes: #832577)
+
+ -- Sebastian Harl <tokkee@debian.org> Thu, 28 Jul 2016 22:25:08 +0200
+
+collectd (5.4.1-6) unstable; urgency=medium
* debian/patches:
- Added bts770681_riemann_ack: upstream fix for the write_riemann plugin
timestamps; thanks to Marc Fournier for reporting this (Closes: #770693)
- Added bts770694_loglevel: upstream fix to correct logging behavior when
using an invalid log level; thanks to Marc Fournier for reporting this
- (Closes: #770694).
+ (Closes: #770694, #687067).
- -- Sebastian Harl <tokkee@debian.org> Sun, 23 Nov 2014 13:04:03 +0100
+ -- Sebastian Harl <tokkee@debian.org> Sun, 23 Nov 2014 15:27:15 +0100
collectd (5.4.1-5) unstable; urgency=medium
-- gregor herrmann <gregoa@debian.org> Sun, 26 May 2013 00:52:37 +0200
+collectd (5.1.0-3+deb7u1) wheezy-security; urgency=high
+
+ * debian/patches/CVE-2016-6254.dpatch: Fix heap overflow in the network
+ plugin. Emilien Gaspar has identified a heap overflow in parse_packet(),
+ the function used by the network plugin to parse incoming network packets.
+ Thanks to Florian Forster for reporting the bug in Debian.
+ (Closes: #832507, CVE-2016-6254)
+ * debian/patches/bts832577-gcry-control.dpatch: Fix improper usage of
+ gcry_control. A team of security researchers at Columbia University and
+ the University of Virginia discovered that GCrypt's gcry_control is
+ sometimes called without checking its return value for an error. This may
+ cause the program to be initialized without the desired, secure settings.
+ (Closes: #832577)
+
+ -- Sebastian Harl <tokkee@debian.org> Thu, 28 Jul 2016 20:52:12 +0200
+
collectd (5.1.0-3) unstable; urgency=low
* debian/patches/migrate-4-5-df.dpatch, debian/collectd-core.postinst: