Your message dated Sat, 17 Sep 2016 19:32:09 +0000
with message-id <e1bllln-0004fm...@franck.debian.org>
and subject line Bug#832577: fixed in collectd 5.4.1-6+deb8u1
has caused the Debian Bug report #832577,
regarding collectd: gcrypt may be used half-initialized missing security settings
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
832577: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=832577
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: collectd
Version: 5.1.0-3
Severity: important
Tags: patch, security, upstream, fixed-upstream

Hi,

a team of security researchers at Columbia University and the University
of Virginia discovered that GCrypt's gcry_control is sometimes called
without checking its return value for an error. This may cause the
program to be initialized without the desired, secure settings.

The issue was reported in
https://github.com/collectd/collectd/issues/1665

The issue is already fixed upstream:
https://github.com/collectd/collectd/commit/8b4fed9940e02138b7e273e56863df03d1a39ef7

Cheers,
Sebastian

-- 
Sebastian "tokkee" Harl +++ GnuPG-ID: 0x2F1FFCC7 +++ http://tokkee.org/

Those who would give up Essential Liberty to purchase a little Temporary
Safety, deserve neither Liberty nor Safety.         -- Benjamin Franklin



--- End Message ---
--- Begin Message ---
Source: collectd
Source-Version: 5.4.1-6+deb8u1

We believe that the bug you reported is fixed in the latest version of
collectd, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 832...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Sebastian Harl <tok...@debian.org> (supplier of updated collectd package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Thu, 28 Jul 2016 22:25:08 +0200
Source: collectd
Binary: collectd-core collectd collectd-utils collectd-dbg collectd-dev libcollectdclient-dev libcollectdclient1
Architecture: source amd64 all
Version: 5.4.1-6+deb8u1
Distribution: jessie-security
Urgency: high
Maintainer: Sebastian Harl <tok...@debian.org>
Changed-By: Sebastian Harl <tok...@debian.org>
Description:
 collectd   - statistics collection and monitoring daemon
 collectd-core - statistics collection and monitoring daemon (core system)
 collectd-dbg - statistics collection and monitoring daemon (debugging symbols)
 collectd-dev - statistics collection and monitoring daemon (development files)
 collectd-utils - statistics collection and monitoring daemon (utilities)
 libcollectdclient-dev - client library for collectd's control interface (development file
 libcollectdclient1 - client library for collectd's control interface
Closes: 832507 832577
Changes:
 collectd (5.4.1-6+deb8u1) jessie-security; urgency=high
 .
   * debian/patches/CVE-2016-6254.dpatch: Fix heap overflow in the network
     plugin. Emilien Gaspar has identified a heap overflow in parse_packet(),
     the function used by the network plugin to parse incoming network packets.
     Thanks to Florian Forster for reporting the bug in Debian.
     (Closes: #832507, CVE-2016-6254)
   * debian/patches/bts832577-gcry-control.dpatch: Fix improper usage of
     gcry_control. A team of security researchers at Columbia University and
     the University of Virginia discovered that GCrypt's gcry_control is
     sometimes called without checking its return value for an error. This may
     cause the program to be initialized without the desired, secure settings.
     (Closes: #832577)

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
-----END PGP SIGNATURE-----

--- End Message ---
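
Added example, not part of the original thread and not collectd's or Debian's code: a small audit script for the defect described in the bug report and in the changelog entry above, flagging calls to gcry_control whose return value is never examined. The C sample and its function names are constructed for illustration, and the check is a text heuristic rather than a C parser.

```python
import re

# Constructed sample C source (not collectd code): lines 4 and 5 drop the result.
SAMPLE_C = r'''
static int init_unchecked(void) {
  gcry_check_version(NULL);
  gcry_control(GCRYCTL_INIT_SECMEM, 32768, 0);  /* result dropped */
  if (!once) (void)gcry_control(GCRYCTL_INITIALIZATION_FINISHED, 0);
  return 0;
}
static int init_checked(void) {
  gcry_error_t err = gcry_control(GCRYCTL_INIT_SECMEM, 32768, 0);
  if (err) return -1;
  if (gcry_control(GCRYCTL_INITIALIZATION_FINISHED, 0)) return -1;
  return 0;
}
'''

def strip_noise(src):
    """Blank comments and string/char literals; offsets and newlines are kept."""
    pat = r'/\*.*?\*/|//[^\n]*|"(?:\\.|[^"\\])*"|\'(?:\\.|[^\'\\])*\''
    return re.sub(pat, lambda m: re.sub(r"[^\n]", " ", m.group(0)), src, flags=re.S)

def match_paren(text, i, step):
    """From the parenthesis at text[i], walk in direction step to its partner."""
    depth = 0
    while 0 <= i < len(text):
        depth += {"(": step, ")": -step}.get(text[i], 0)
        if depth == 0:
            return i
        i += step
    return -1

def unchecked_calls(src, func="gcry_control"):
    """Line numbers where func is called as a statement and its result is unused."""
    text, hits = strip_noise(src), []
    for m in re.finditer(r"\b%s\s*\(" % re.escape(func), text):
        close = match_paren(text, m.end() - 1, 1)
        if close < 0 or not text[close + 1:].lstrip().startswith(";"):
            continue  # the value feeds a larger expression, e.g. an if condition
        before = text[:m.start()].rstrip()
        while before.endswith(")"):  # peel a cast such as (void) or an if/while header
            before = before[:match_paren(before, len(before) - 1, -1)].rstrip()
            before = re.sub(r"\b(if|while|for|switch)$", "", before).rstrip()
        if not before or before[-1] in ";{}" or re.search(r"\b(else|do)$", before):
            hits.append(text.count("\n", 0, m.start()) + 1)
    return hits
```

A hit means only that the result is discarded at the call site; whether the surrounding initialization is otherwise correct still needs a manual read.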