>Friday, December 23, 2016 7:09 PM +03:00 from Salvatore Bonaccorso
><car...@debian.org>:
>
>Source: msgpuck
>Version: 1.0.3-1
>Severity: important
>Tags: security upstream
>Forwarded: https://github.com/rtsisyk/msgpuck/issues/12
>
>Hi,
>
>the following vulnerability was published for msgpuck.
>
>CVE-2016-9036[0]:
>Invalid handling of map16 format in mp_check()
>
>If you fix the vulnerability please also make sure to include the
>CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
>
>For further information see:
>
>[0] https://security-tracker.debian.org/tracker/CVE-2016-9036
> https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9036
>[1] https://github.com/rtsisyk/msgpuck/issues/12
>[2] http://www.talosintelligence.com/reports/TALOS-2016-0254/
>
I already prepared a fix for this bug [1].
[1]: https://github.com/rtsisyk/msgpuck/blob/master/debian/changelog#L5
The package is waiting to be uploaded; I'm not a DD.
I added Dmitry E. Oboukhov to CC.
--
WBR,
Roman Tsisyk <ro...@tarantool.org>
http://tarantool.org/ - an efficient in-memory data store and a Lua
application server