Hi, On Sun, Dec 25, 2016 at 05:47:18PM +0100, Salvatore Bonaccorso wrote: > Hi Roman, > > On Sat, Dec 24, 2016 at 12:03:16PM +0300, Roman Tsisyk wrote: > > > > > > > > >Friday, December 23, 2016 7:09 PM +03:00 from Salvatore Bonaccorso > > ><car...@debian.org>: > > > > > >Source: msgpuck > > >Version: 1.0.3-1 > > >Severity: important > > >Tags: security upstream > > >Forwarded: https://github.com/rtsisyk/msgpuck/issues/12 > > > > > >Hi, > > > > > >the following vulnerability was published for msgpuck. > > > > > >CVE-2016-9036[0]: > > >Invalid handling of map16 format in mp_check() > > > > > >If you fix the vulnerability please also make sure to include the > > >CVE (Common Vulnerabilities & Exposures) id in your changelog entry. > > > > > >For further information see: > > > > > >[0] https://security-tracker.debian.org/tracker/CVE-2016-9036 > > > https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9036 > > >[1] https://github.com/rtsisyk/msgpuck/issues/12 > > >[2] http://www.talosintelligence.com/reports/TALOS-2016-0254/ > > > > > > > I already prepared a fix for this bug [1]. > > > > [1]: https://github.com/rtsisyk/msgpuck/blob/master/debian/changelog#L5 > > > > The package is waiting for uploading, I'm not DD. > > I added Dmitry E. Oboukhov to CC. > > Alright, thanks a lot!
Dmitry? Regards, Salvatore
