Bug#849212: msgpuck: CVE-2016-9036: Invalid handling of map16 format in mp_check()

2017-01-10 Thread Salvatore Bonaccorso
Hi,

On Sun, Dec 25, 2016 at 05:47:18PM +0100, Salvatore Bonaccorso wrote:
> Hi Roman,
> 
> On Sat, Dec 24, 2016 at 12:03:16PM +0300, Roman Tsisyk wrote:
> > 
> > 
> > 
> > >Friday, December 23, 2016 7:09 PM +03:00 from Salvatore Bonaccorso:
> > >
> > >Source: msgpuck
> > >Version: 1.0.3-1
> > >Severity: important
> > >Tags: security upstream
> > >Forwarded:  https://github.com/rtsisyk/msgpuck/issues/12
> > >
> > >Hi,
> > >
> > >the following vulnerability was published for msgpuck.
> > >
> > >CVE-2016-9036[0]:
> > >Invalid handling of map16 format in mp_check()
> > >
> > >If you fix the vulnerability please also make sure to include the
> > >CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
> > >
> > >For further information see:
> > >
> > >[0]  https://security-tracker.debian.org/tracker/CVE-2016-9036
> > > https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9036
> > >[1]  https://github.com/rtsisyk/msgpuck/issues/12
> > >[2]  http://www.talosintelligence.com/reports/TALOS-2016-0254/
> > >
> > 
> > I already prepared a fix for this bug [1].
> > 
> > [1]: https://github.com/rtsisyk/msgpuck/blob/master/debian/changelog#L5
> > 
> > The package is waiting for upload; I'm not a DD.
> > I added Dmitry E. Oboukhov to CC.
> 
> Alright, thanks a lot!

Dmitry?

Regards,
Salvatore



Bug#849212: msgpuck: CVE-2016-9036: Invalid handling of map16 format in mp_check()

2016-12-25 Thread Salvatore Bonaccorso
Hi Roman,

On Sat, Dec 24, 2016 at 12:03:16PM +0300, Roman Tsisyk wrote:
> 
> 
> 
> >Friday, December 23, 2016 7:09 PM +03:00 from Salvatore Bonaccorso:
> >
> >Source: msgpuck
> >Version: 1.0.3-1
> >Severity: important
> >Tags: security upstream
> >Forwarded:  https://github.com/rtsisyk/msgpuck/issues/12
> >
> >Hi,
> >
> >the following vulnerability was published for msgpuck.
> >
> >CVE-2016-9036[0]:
> >Invalid handling of map16 format in mp_check()
> >
> >If you fix the vulnerability please also make sure to include the
> >CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
> >
> >For further information see:
> >
> >[0]  https://security-tracker.debian.org/tracker/CVE-2016-9036
> > https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9036
> >[1]  https://github.com/rtsisyk/msgpuck/issues/12
> >[2]  http://www.talosintelligence.com/reports/TALOS-2016-0254/
> >
> 
> I already prepared a fix for this bug [1].
> 
> [1]: https://github.com/rtsisyk/msgpuck/blob/master/debian/changelog#L5
> 
> The package is waiting for upload; I'm not a DD.
> I added Dmitry E. Oboukhov to CC.

Alright, thanks a lot!

Regards,
Salvatore



Bug#849212: msgpuck: CVE-2016-9036: Invalid handling of map16 format in mp_check()

2016-12-24 Thread Roman Tsisyk



>Friday, December 23, 2016 7:09 PM +03:00 from Salvatore Bonaccorso:
>
>Source: msgpuck
>Version: 1.0.3-1
>Severity: important
>Tags: security upstream
>Forwarded:  https://github.com/rtsisyk/msgpuck/issues/12
>
>Hi,
>
>the following vulnerability was published for msgpuck.
>
>CVE-2016-9036[0]:
>Invalid handling of map16 format in mp_check()
>
>If you fix the vulnerability please also make sure to include the
>CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
>
>For further information see:
>
>[0]  https://security-tracker.debian.org/tracker/CVE-2016-9036
> https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9036
>[1]  https://github.com/rtsisyk/msgpuck/issues/12
>[2]  http://www.talosintelligence.com/reports/TALOS-2016-0254/
>

I already prepared a fix for this bug [1].

[1]: https://github.com/rtsisyk/msgpuck/blob/master/debian/changelog#L5

The package is waiting for upload; I'm not a DD.
I added Dmitry E. Oboukhov to CC.

-- 
WBR,
  Roman Tsisyk 
  http://tarantool.org/ - an efficient in-memory data store and a Lua application server


Bug#849212: msgpuck: CVE-2016-9036: Invalid handling of map16 format in mp_check()

2016-12-23 Thread Salvatore Bonaccorso
Source: msgpuck
Version: 1.0.3-1
Severity: important
Tags: security upstream
Forwarded: https://github.com/rtsisyk/msgpuck/issues/12

Hi,

the following vulnerability was published for msgpuck.

CVE-2016-9036[0]:
Invalid handling of map16 format in mp_check()

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2016-9036
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9036
[1] https://github.com/rtsisyk/msgpuck/issues/12
[2] http://www.talosintelligence.com/reports/TALOS-2016-0254/

Regards,
Salvatore