X-Git-Url: https://git.tokkee.org/?p=pkg-collectd.git;a=blobdiff_plain;f=debian%2Fchangelog;h=4bbcd8857f1562f1f8e0b45b037f8649b69ce23c;hp=249cdff2895e4da3c184128a2fcc7cc3c30073d9;hb=dd5dd0520b5aa294199b21165e695053d1e0c54f;hpb=f770f2af83f2c9639cc41e529460fd2e0647cdde

diff --git a/debian/changelog b/debian/changelog
index 249cdff..4bbcd88 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -174,6 +174,22 @@ collectd (5.5.0-1) unstable; urgency=medium
 
  -- Marc Fournier <marc.fournier@camptocamp.com>  Fri, 21 Aug 2015 13:29:17 +0200
 
+collectd (5.4.1-6+deb8u1) jessie-security; urgency=medium
+
+  * debian/patches/CVE-2016-6254.dpatch: Fix heap overflow in the network
+    plugin. Emilien Gaspar has identified a heap overflow in parse_packet(),
+    the function used by the network plugin to parse incoming network packets.
+    Thanks to Florian Forster for reporting the bug in Debian.
+    (Closes: #832507, CVE-2016-6254)
+  * debian/patches/bts832577-gcry-control.dpatch: Fix improper usage of
+    gcry_control. A team of security researchers at Columbia University and
+    the University of Virginia discovered that GCrypt's gcry_control is
+    sometimes called without checking its return value for an error. This may
+    cause the program to be initialized without the desired, secure settings.
+    (Closes: #832577)
+
+ -- Sebastian Harl <tokkee@debian.org>  Thu, 28 Jul 2016 22:25:08 +0200
+
 collectd (5.4.1-6) unstable; urgency=medium
 
   * debian/patches:
@@ -460,6 +476,22 @@ collectd (5.1.0-3.1) unstable; urgency=low
 
  -- gregor herrmann <gregoa@debian.org>  Sun, 26 May 2013 00:52:37 +0200
 
+collectd (5.1.0-3+deb7u1) wheezy-security; urgency=high
+
+  * debian/patches/CVE-2016-6254.dpatch: Fix heap overflow in the network
+    plugin. Emilien Gaspar has identified a heap overflow in parse_packet(),
+    the function used by the network plugin to parse incoming network packets.
+    Thanks to Florian Forster for reporting the bug in Debian.
+    (Closes: #832507, CVE-2016-6254)
+  * debian/patches/bts832577-gcry-control.dpatch: Fix improper usage of
+    gcry_control. A team of security researchers at Columbia University and
+    the University of Virginia discovered that GCrypt's gcry_control is
+    sometimes called without checking its return value for an error. This may
+    cause the program to be initialized without the desired, secure settings.
+    (Closes: #832577)
+
+ -- Sebastian Harl <tokkee@debian.org>  Thu, 28 Jul 2016 20:52:12 +0200
+
 collectd (5.1.0-3) unstable; urgency=low
 
   * debian/patches/migrate-4-5-df.dpatch, debian/collectd-core.postinst: