[collectd-changes] pkg-collectd: annotated tag "collectd-5.5.2-1" created. collectd-5.5.2-1

Sebastian Harl sh at tokkee.org
Fri Jul 29 08:27:40 CEST 2016 

The annotated tag "collectd-5.5.2-1" of project "collectd Debian package"
has been created
        at  3124f61086e0654df1eb078d7a0ea459ecb10327 (tag)
   tagging  49da0163711068306a628777d12732fa070606af (commit)
  replaces  collectd-5.5.1-5
 tagged by  Sebastian Harl
        on  Fri Jul 29 08:27:01 2016 +0200

- Log -----------------------------------------------------------------
Tagged collectd-5.5.2-1.

collectd (5.5.2-1) unstable; urgency=high

  * New upstream release.
    - Fix heap overflow in the network plugin. Emilien Gaspar has identified a
      heap overflow in parse_packet(), the function used by the network plugin
      to parse incoming network packets. Thanks to Florian Forster for
      reporting the bug in Debian. (Closes: #832507, CVE-2016-6254)
    - Fix improper usage of gcry_control. A team of security researchers at
      Columbia University and the University of Virginia discovered that
      GCrypt's gcry_control is sometimes called without checking its return
      value for an error. This may cause the program to be initialized without
      the desired, secure settings. (Closes: #832577)
  * debian/patches:
    - bts832577-gcry-control.patch: Update for 5.5.2. Mostly part of the new
      upstream release, except for: Don't abort() if gcrypt initialization
      failed.
    - Drop bts823012_librrd8.patch; merged upstream.
  * Rebuild with linux-libc-dev >= 4.6 (now in testing and unstable) to
    accommodate a change to rtnl_link_stats64. Thanks to Gábor Gombás for
    reporting this (Closes: #829634).

 -- Sebastian Harl <tokkee at debian.org>  Fri, 29 Jul 2016 00:02:11 +0200
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAABAgAGBQJXmvdFAAoJEMwFfnIvH/zHBc0QANR3+O/1gQXDRk4zDmKppgfb
N5pyu4KKKArZEW+pC080pWYiXUadIRuHDe2FZFluLJt+JqOOh6NV1hWO0k9zJ2zJ
tNw00grMcTdyShkDwfhKVtDiy2BYDqAUPA146cljdVQJIyEErOps2dALHu1tIajk
Wvz3yBGQfRBPCMYHyFcjjvPJmlZ9cTsBA54w/x7gNSqcAboBh9YDIQcjBBROU0vd
G/n81G/J+YDzWzQhvMkc0xhUeCvatbdA4S8CqmuPt8OaRVj4ktQ2vK+N6HDH8Q+k
Rxi4m96XstTOGBO6QI8Jn1LbMZoTzm/65oOyka8lzK+Tr1o0nNWpfdToRH8jHZ3c
kzrlB91IuQjnjR9oKSB2uHUiRsEdT3RVnw32cqrdbmy5i8RApT6kDenzZqFKBH5Y
Ae3CsWDz34nh8rbIEDLxHaKO4Op2j2JrFJA03UVosByJFZQksmGXEhk4CRtzdQP9
qzyrKfxH/YvtyggQGxVUKvCwG3/T3SK/E++43dvedq2SA1JxXuVBguZrdIHS/5b1
/lC4aTFibNcFzzPYrkuD92uOZFW0VoIEyRxS6KybXE7zLSbXa7ZC6mh6zzIZrEhk
jIkc1Zq7oSGwzfXumwYNDLca28reaQ/DuXnOsxRO4rFQdCN4O2etQvpcq4VsGkX+
nyL344zRZwmSFQkcf0xU
=1j0u
-----END PGP SIGNATURE-----

Sebastian Harl (16):
      patches/CVE-2016-6254.dpatch: Fix heap overflow in the network plugin.
      patches/bts832577-gcry-control.dpatch: Fix improper usage of gcry_control.
      Release changelog to wheezy-security.
      Merged branch 'wheezy' into jessie.
      Update CVE-2016-6254 and bts832577-gcry-control patches for 5.4.1.
      Add changelog entry for jessie-security (5.4.1-6+deb8u1).
      Merged branch 'jessie' into master.
      Bump changelog to 5.5.2-1.
      Update patches for 5.5.2.
      Set urgency to high.
      Merged branch 'jessie' into master.
      patches/: Drop bts823012_librrd8.patch; merged upstream.
      patches/: Actually enable bts832577-gcry-control.patch.
      The rebuild will close #829634.
      bts832577-gcry-control.patch: Add missing return statement.
      Release the changelog; set priority to high.

-----------------------------------------------------------------------

More information about the collectd-changes mailing list