diff --git a/debian/changelog b/debian/changelog
index 9b6f06c4d21e126dbf26ab4dc846ac7536aa457e..792b53ff82961d4afaffc8c5ad238a1ca5f18990 100644 (file)
--- a/debian/changelog
+++ b/debian/changelog
-collectd (5.1.0-3+deb7u1) UNRELEASED; urgency=high
+collectd (5.1.0-3+deb7u3) wheezy-security; urgency=high
+
+ * CVE-2017-7401: Fix an endless loop DoS vulnerability in parse_packet().
+ When a correct "Signature part" is received by a Collectd instance
+ configured without the AuthFile option, an endless loop occurs due to a
+ missing pointer increment to the next unprocessed part. (Closes: #859494)
+
+ -- Chris Lamb <lamby@debian.org> Tue, 04 Apr 2017 16:45:15 +0200
+
+collectd (5.1.0-3+deb7u2) wheezy-security; urgency=high
+
+ * debian/patches/bts833013-gcry-init.dpatch: Fix initialization of
+ libgcrypt: Initialize the library before using any other functions to
+ ensure that thread-safety is set up appropriately. This fixes potential
+ crashes of the network plugin and a regression introduced in
+ 5.1.0-3+deb7u1 which ultimately surfaced the issue. Thanks to Antoine
+ Sirinelli for reporting this. (Closes: #833013)
+
+ -- Sebastian Harl <tokkee@debian.org> Wed, 03 Aug 2016 22:59:23 +0200
+
+collectd (5.1.0-3+deb7u1) wheezy-security; urgency=high
* debian/patches/CVE-2016-6254.dpatch: Fix heap overflow in the network
plugin. Emilien Gaspar has identified a heap overflow in parse_packet(),
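Review bot: The new 5.1.0-3+deb7u3 entry for CVE-2017-7401 does not name the file under debian/patches/ that carries the parse_packet() fix, while the deb7u2 and deb7u1 entries both do ("debian/patches/bts833013-gcry-init.dpatch:", "debian/patches/CVE-2016-6254.dpatch:"). Starting the bullet with the patch file name in the same style would let anyone auditing the package map the CVE to the exact change. The description itself is clear about the trigger (a valid "Signature part" received by an instance without AuthFile) and the root cause (the missing pointer increment), so nothing else needs rewording.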
cause the program to be initialized without the desired, secure settings.
(Closes: #832577)
- -- Sebastian Harl <tokkee@debian.org> Wed, 27 Jul 2016 10:14:42 +0200
+ -- Sebastian Harl <tokkee@debian.org> Thu, 28 Jul 2016 20:52:12 +0200
collectd (5.1.0-3) unstable; urgency=low
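Review bot: The trailer date of the 5.1.0-3+deb7u1 entry is rewritten here (Wed, 27 Jul 2016 10:14:42 becomes Thu, 28 Jul 2016 20:52:12) in the same change that moves that entry from UNRELEASED to wheezy-security and adds deb7u2 and deb7u3 on top of it. Since the deb7u2 text refers to a regression introduced in 5.1.0-3+deb7u1, that version was evidently uploaded, so please confirm the new timestamp is the one in the uploaded package's changelog and not a fresh edit. Stating in the commit message that this commit syncs the entry with the uploaded security releases would make the retroactive change easy to verify.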