Add changelog entry for jessie-security (5.4.1-6+deb8u1).

author Sebastian Harl <sh@tokkee.org>

Thu, 28 Jul 2016 20:25:54 +0000 (22:25 +0200)

committer Sebastian Harl <sh@tokkee.org>

Thu, 28 Jul 2016 20:25:54 +0000 (22:25 +0200)
author Sebastian Harl <sh@tokkee.org>
Thu, 28 Jul 2016 20:25:54 +0000 (22:25 +0200)
committer Sebastian Harl <sh@tokkee.org>
Thu, 28 Jul 2016 20:25:54 +0000 (22:25 +0200)
diff --git a/debian/changelog b/debian/changelog

index 031793ad0e4d5c2cfb8e1603bbfac3811eae1e0e..b8c5fe9c03020a57f9c6942fb7c7f8a6d50b492b 100644 (file)
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,19 @@
+collectd (5.4.1-6+deb8u1) jessie-security; urgency=medium
+
+  * debian/patches/CVE-2016-6254.dpatch: Fix heap overflow in the network
+    plugin. Emilien Gaspar has identified a heap overflow in parse_packet(),
+    the function used by the network plugin to parse incoming network packets.
+    Thanks to Florian Forster for reporting the bug in Debian.
+    (Closes: #832507, CVE-2016-6254)
+  * debian/patches/bts832577-gcry-control.dpatch: Fix improper usage of
+    gcry_control. A team of security researchers at Columbia University and
+    the University of Virginia discovered that GCrypt's gcry_control is
+    sometimes called without checking its return value for an error. This may
+    cause the program to be initialized without the desired, secure settings.
+    (Closes: #832577)
+
+ -- Sebastian Harl <tokkee@debian.org>  Thu, 28 Jul 2016 22:25:08 +0200
+
  collectd (5.4.1-6) unstable; urgency=medium
  
    * debian/patches:
author	Sebastian Harl <sh@tokkee.org>
	Thu, 28 Jul 2016 20:25:54 +0000 (22:25 +0200)
committer	Sebastian Harl <sh@tokkee.org>
	Thu, 28 Jul 2016 20:25:54 +0000 (22:25 +0200)