-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Wed, 01 Mar 2023 00:51:40 +0100 Source: syslog-ng Architecture: source Version: 3.28.1-2+deb11u1 Distribution: bullseye-security Urgency: high Maintainer: syslog-ng maintainers <syslog-ng-maintainers@alioth-lists.debian.net> Changed-By: Guilhem Moulin <guilhem@debian.org> Changes: syslog-ng (3.28.1-2+deb11u1) bullseye-security; urgency=high . * CVE-2022-38725: Integer overflow and buffer out-of-bounds issues in the RFC3164 parser, which could allows remote attackers to cause a Denial of Service via crafted syslog input. * Fix crash (segflaut) with small invalid formatted logs. Checksums-Sha1: ed080c6b16a7bbd1e7649462b40a3e753e79d51b 4516 syslog-ng_3.28.1-2+deb11u1.dsc 75068d9e35eeffdd78c5b46e2942c4c8b8385a08 1681069 syslog-ng_3.28.1.orig.tar.gz 062ec11574f4da4206a7c975435636dca20a39a0 47264 syslog-ng_3.28.1-2+deb11u1.debian.tar.xz 38c002b6639d84fa9f636d5fed7afc9c03fb4048 17983 syslog-ng_3.28.1-2+deb11u1_amd64.buildinfo Checksums-Sha256: 4c07197b4f666392d87c76c28443f0d668517b4d11d11eabdba15b80c9668513 4516 syslog-ng_3.28.1-2+deb11u1.dsc a13409998320b914dcc5940e2b93155aa9adc2fe232dd3505b68541eadc2df6f 1681069 syslog-ng_3.28.1.orig.tar.gz 6c8a0a5fe3ae6c4cab07f062af89a1f433d9a696287f29dd1fbca2842ffccab8 47264 syslog-ng_3.28.1-2+deb11u1.debian.tar.xz cb8f173346baf4b32f4ef2c7d4096f25b0d9d79558c43e59128d28310fbfc64c 17983 syslog-ng_3.28.1-2+deb11u1_amd64.buildinfo Files: a05c2c092e28ff9a8150525bf0a09782 4516 admin optional syslog-ng_3.28.1-2+deb11u1.dsc afe91d27cf57b5f8373891618747bca8 1681069 admin optional syslog-ng_3.28.1.orig.tar.gz ebe4f2da1192bd75e1e0df53c288169d 47264 admin optional syslog-ng_3.28.1-2+deb11u1.debian.tar.xz ed7620169638fe9cd1092d86872efeec 17983 admin optional syslog-ng_3.28.1-2+deb11u1_amd64.buildinfo -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEERpy6p3b9sfzUdbME05pJnDwhpVIFAmP+lPAACgkQ05pJnDwh pVL+pw/9FRy3VXoQ+5uTi1e18hvAClX9XYP/g4QnpRYVYHZIH6wFDRtS3leOlHuH AtRs2NyfycdbCorbKcmsSgJVylRjE50UZU+MEBntImVuO2iWcUcnmKDQO/186uOB jW8pnLBm9CsE+8GK6u4pBhsjdE2uRHI+BdYM7W+Lsr0c9IFG9Gqi9o5jxFVXjUlv ewV4Zs6VjjwPnpsLE8Z0TtO0VVkjH2qW89PWhfRMe4B7aI2z/2lK0JgnjomkQdir xVWN9tUcj5EGNHB1alfY59UWXVBSV2WItdI14C6fGth1CFbLioQaxC1SXsESb9J4 deC4C+vfkmsK10LHi6vp6DEanFT21A4Sr64zeMWnouqayyAJPlOQvD2Nf80Va3JV Q2bik6nWp5IKRb6tJAcVPVqYvjd2WCsFEK6TVUp+7+bdKpnCrhPCMEZMUpuU/4Kf qvsSIdum1QsYTZCOAddyTh9pv1vWuM1gJKh775NOsT6h9tl/5hot24oP+kGnUZK1 R013v/BreSOct6GG/miD3fFqMOa++CHmkmX4nUlVkellbRzHdXi2KlirJtD9Af6t C7bpX2hpyidjLmjzMBOLqcZndz2iGUJl9VwhfJiLRUZX0v9BOi2HEAEC90gjYijD BEzDOaM0T7Xww02EhdU4BSsWxs4yNvbHv6ZYoiX7cjEVeLCVxrU= =qm2H -----END PGP SIGNATURE-----
