-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Format: 1.8 Date: Fri, 29 Jul 2016 00:02:11 +0200 Source: collectd Binary: collectd-core collectd collectd-utils collectd-dbg collectd-dev libcollectdclient-dev libcollectdclient1 Architecture: source Version: 5.5.2-1 Distribution: unstable Urgency: high Maintainer: Sebastian Harl <tokkee@debian.org> Changed-By: Sebastian Harl <tokkee@debian.org> Description: collectd - statistics collection and monitoring daemon collectd-core - statistics collection and monitoring daemon (core system) collectd-dbg - statistics collection and monitoring daemon (debugging symbols) collectd-dev - statistics collection and monitoring daemon (development files) collectd-utils - statistics collection and monitoring daemon (utilities) libcollectdclient-dev - client library for collectd's control interface (development file libcollectdclient1 - client library for collectd's control interface Closes: 829634 832507 832577 Changes: collectd (5.5.2-1) unstable; urgency=high . * New upstream release. - Fix heap overflow in the network plugin. Emilien Gaspar has identified a heap overflow in parse_packet(), the function used by the network plugin to parse incoming network packets. Thanks to Florian Forster for reporting the bug in Debian. (Closes: #832507, CVE-2016-6254) - Fix improper usage of gcry_control. A team of security researchers at Columbia University and the University of Virginia discovered that GCrypt's gcry_control is sometimes called without checking its return value for an error. This may cause the program to be initialized without the desired, secure settings. (Closes: #832577) * debian/patches: - bts832577-gcry-control.patch: Update for 5.5.2. Mostly part of the new upstream release, except for: Don't abort() if gcrypt initialization failed. - Drop bts823012_librrd8.patch; merged upstream. * Rebuild with linux-libc-dev >= 4.6 (now in testing and unstable) to accommodate a change to rtnl_link_stats64. Thanks to Gábor Gombás for reporting this (Closes: #829634). Checksums-Sha1: 9e8737c6f85aa7cee060cf6d8107744e2f1aa5d3 3681 collectd_5.5.2-1.dsc 076cb021a16120988abfdd19c4e80fade26c55c2 2259231 collectd_5.5.2.orig.tar.gz 312a8ec61863e615a977e1bb08ebd75a4a28d3bb 71188 collectd_5.5.2-1.debian.tar.xz Checksums-Sha256: 91fc9a563d442b9bd03368c0ecab85929acf00704b34a25f405c5953163a9da0 3681 collectd_5.5.2-1.dsc 8013ae74df2b90ec8a8e7ac5da7638e165199021eca5f423ff8ee19feac649ba 2259231 collectd_5.5.2.orig.tar.gz f628b67c7fafe4f2c573f9a8c9a898bbbb3f606f69f1b60b442bf812f5444d25 71188 collectd_5.5.2-1.debian.tar.xz Files: fef24fc74ae938568d66d4ef63386434 3681 utils optional collectd_5.5.2-1.dsc 58ce766e4744837945b184af576d4b17 2259231 utils optional collectd_5.5.2.orig.tar.gz 2b8192834538527cf89c62365fe9789b 71188 utils optional collectd_5.5.2-1.debian.tar.xz -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBAgAGBQJXmvHwAAoJEMwFfnIvH/zHC+QQALtLU7hqZ10LcEDmP9RhiktH YIKlczxvqh1UXox4zBbgfj0JLa812cyGHDfOBSonCwZ1YYaowYi32pDxdIhLsXN/ D72HP0TI/FkDreaoQXNio1lmL6PtVY2F+FODcY/nDtjvWljx85cK/Rf7LIPBA3Rc +jHejA6/htO1Pulkt4VSORQZoW7SgQteRWppQ4hifC9GSC82LHzQpoxX9Pw4Gqy+ /4RhKoACrveZFq4sid7dq6z2Tum5XBp8XSn7REg60jFAY9TzejCnJCYz5r6fUwBJ 3AyszuRUxnbtvG4lGPE0fAHOTve1sCjr69+050iABkDgcpaZSR4FGrNKBfowmohS 7lL19M5pWdKgrkS0qxppM5H+fSZyl5++gdOtVND6h7/e3sM1VxrqaWwH7LD7DlYt CfXjUMmIGeo6tzV7eWHnRQnyHaCaw52pkhQ8qIQ0yPmxUFrwPQ8+E4LieDkuhmbZ 5Hl2V8ZPcjpE6hGPz5EDe5GhVZ/IiRZr1Q/IJ65YKMnOnEKpis2l/1a59JSiO8wL opQZxKPuodR7hWBoNlW1zlE6TP77QlY5BRvonw73OVUMycPQxHQZ1YlIV4vAc3Cn 9+yAsHLS0MInuCtvokqpSjqeuDDQa86UuSXayCYwmCropUdfNnnzpqvG+S6WwzWs de2h7/RulaxIt5DA+sZL =PumS -----END PGP SIGNATURE-----