[tokkee]

tokkee.org

Code

projects / pkg-collectd.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Fix an endless loop DoS vulnerability in parse_packet().
[pkg-collectd.git] / debian / changelog
diff --git a/debian/changelog b/debian/changelog
index 9fdb411f824e57eb9a519e1b87185d153e59368d..792b53ff82961d4afaffc8c5ad238a1ca5f18990 100644 (file)
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,12 @@
+collectd (5.1.0-3+deb7u3) wheezy-security; urgency=high
+
+  * CVE-2017-7401: Fix an endless loop DoS vulnerability in parse_packet().
+    When a correct "Signature part" is received by a Collectd instance
+    configured without the AuthFile option, an endless loop occurs due to a
+    missing pointer increment to the next unprocessed part. (Closes: #859494)
+
+ -- Chris Lamb <lamby@debian.org>  Tue, 04 Apr 2017 16:45:15 +0200
+
 collectd (5.1.0-3+deb7u2) wheezy-security; urgency=high
 
   * debian/patches/bts833013-gcry-init.dpatch: Fix initialization of
Unnamed repository; edit this file 'description' to name the repository.