From: Sebastian Harl <sh@tokkee.org>
Date: Thu, 28 Jul 2016 20:58:17 +0000 (+0200)
Subject: Bump changelog to 5.5.2-1.
X-Git-Tag: collectd-5.5.2-1~7
X-Git-Url: https://git.tokkee.org/?p=pkg-collectd.git;a=commitdiff_plain;h=20f1d822f97110d7565a3ac6e98272fb89eee3cd

Bump changelog to 5.5.2-1.

Document the pending security fixes.
---

diff --git a/debian/changelog b/debian/changelog
index 4bbcd88..7edc974 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,18 @@
+collectd (5.5.2-1) UNRELEASED; urgency=medium
+
+  * New upstream release.
+    - Fix heap overflow in the network plugin. Emilien Gaspar has identified a
+      heap overflow in parse_packet(), the function used by the network plugin
+      to parse incoming network packets. Thanks to Florian Forster for
+      reporting the bug in Debian. (Closes: #832507, CVE-2016-6254)
+    - Fix improper usage of gcry_control. A team of security researchers at
+      Columbia University and the University of Virginia discovered that
+      GCrypt's gcry_control is sometimes called without checking its return
+      value for an error. This may cause the program to be initialized without
+      the desired, secure settings. (Closes: #832577)
+
+ -- Sebastian Harl <tokkee@debian.org>  Thu, 28 Jul 2016 22:56:36 +0200
+
 collectd (5.5.1-5) unstable; urgency=low
 
   * debian/control, debian/rules: