Re: Salvatore Bonaccorso 2015-05-22 <[email protected]> > Hi Christoph, > > On Wed, May 20, 2015 at 10:51:32PM +0200, Christoph Berg wrote: > > Hi, > > > > there's a new pgbouncer release out that fixes a DoS. The effective > > change is: > > > > --- pgbouncer-1.5.4/NEWS 2012-11-28 14:06:30.000000000 +0100 > > +++ pgbouncer-1.5.5/NEWS 2015-04-09 16:07:52.000000000 +0200 > > @@ -1,3 +1,10 @@ > > +2015-04-09 - PgBouncer 1.5.5 - "Play Dead To Win" > > + > > + = Fixes = > > + > > + * Fix remote crash - invalid packet order causes lookup of NULL > > + pointer. Not exploitable, just DoS. > > This has been assigned CVE-2015-4054 now[0]. Given the explanation you > gave me on the usecase I think it would be safe to schedule this > through a (old)stable proposed-update. Could you contact the release > team to have it updated for jessie and wheezy? > > [0] http://www.openwall.com/lists/oss-security/2015/05/22/5
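Review bot: the NEWS entry added under "= Fixes =" describes the bug only as "invalid packet order causes lookup of NULL pointer" and gives no hint of which releases are affected or whether a client must authenticate before it can trigger the crash. Packagers deciding on a stable update need both facts, so a sentence covering them would help. "lookup of NULL pointer" would also read more precisely as "NULL pointer dereference". Since the thread notes that CVE-2015-4054 has now been assigned, a later revision of this entry could cite it so the fix can be matched against advisories.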
Hi Salvatore,

ok, will do. Thanks for the assignment!

Christoph
-- 
[email protected] | http://www.df7cb.de/
_______________________________________________ Pkg-postgresql-public mailing list [email protected] http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-postgresql-public
