Bug#849212: msgpuck: CVE-2016-9036: Invalid handling of map16 format in mp_check()
Hi,

On Sun, Dec 25, 2016 at 05:47:18PM +0100, Salvatore Bonaccorso wrote:
> Hi Roman,
>
> On Sat, Dec 24, 2016 at 12:03:16PM +0300, Roman Tsisyk wrote:
> >
> > >Friday, December 23, 2016 7:09 PM +03:00 from Salvatore Bonaccorso:
> > >
> > >Source: msgpuck
> > >Version: 1.0.3-1
> > >Severity: important
> > >Tags: security upstream
> > >Forwarded: https://github.com/rtsisyk/msgpuck/issues/12
> > >
> > >Hi,
> > >
> > >the following vulnerability was published for msgpuck.
> > >
> > >CVE-2016-9036[0]:
> > >Invalid handling of map16 format in mp_check()
> > >
> > >If you fix the vulnerability please also make sure to include the
> > >CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
> > >
> > >For further information see:
> > >
> > >[0] https://security-tracker.debian.org/tracker/CVE-2016-9036
> > >    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9036
> > >[1] https://github.com/rtsisyk/msgpuck/issues/12
> > >[2] http://www.talosintelligence.com/reports/TALOS-2016-0254/
> > >
> >
> > I already prepared a fix for this bug [1].
> >
> > [1]: https://github.com/rtsisyk/msgpuck/blob/master/debian/changelog#L5
> >
> > The package is waiting for uploading, I'm not DD.
> > I added Dmitry E. Oboukhov to CC.
>
> Alright, thanks a lot!

Dmitry?

Regards,
Salvatore

Bug#849212: msgpuck: CVE-2016-9036: Invalid handling of map16 format in mp_check()
Hi Roman,

On Sat, Dec 24, 2016 at 12:03:16PM +0300, Roman Tsisyk wrote:
>
> >Friday, December 23, 2016 7:09 PM +03:00 from Salvatore Bonaccorso:
> >
> >Source: msgpuck
> >Version: 1.0.3-1
> >Severity: important
> >Tags: security upstream
> >Forwarded: https://github.com/rtsisyk/msgpuck/issues/12
> >
> >Hi,
> >
> >the following vulnerability was published for msgpuck.
> >
> >CVE-2016-9036[0]:
> >Invalid handling of map16 format in mp_check()
> >
> >If you fix the vulnerability please also make sure to include the
> >CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
> >
> >For further information see:
> >
> >[0] https://security-tracker.debian.org/tracker/CVE-2016-9036
> >    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9036
> >[1] https://github.com/rtsisyk/msgpuck/issues/12
> >[2] http://www.talosintelligence.com/reports/TALOS-2016-0254/
> >
>
> I already prepared a fix for this bug [1].
>
> [1]: https://github.com/rtsisyk/msgpuck/blob/master/debian/changelog#L5
>
> The package is waiting for uploading, I'm not DD.
> I added Dmitry E. Oboukhov to CC.

Alright, thanks a lot!

Regards,
Salvatore

Bug#849212: msgpuck: CVE-2016-9036: Invalid handling of map16 format in mp_check()
>Friday, December 23, 2016 7:09 PM +03:00 from Salvatore Bonaccorso:
>
>Source: msgpuck
>Version: 1.0.3-1
>Severity: important
>Tags: security upstream
>Forwarded: https://github.com/rtsisyk/msgpuck/issues/12
>
>Hi,
>
>the following vulnerability was published for msgpuck.
>
>CVE-2016-9036[0]:
>Invalid handling of map16 format in mp_check()
>
>If you fix the vulnerability please also make sure to include the
>CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
>
>For further information see:
>
>[0] https://security-tracker.debian.org/tracker/CVE-2016-9036
>    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9036
>[1] https://github.com/rtsisyk/msgpuck/issues/12
>[2] http://www.talosintelligence.com/reports/TALOS-2016-0254/
>

I already prepared a fix for this bug [1].

[1]: https://github.com/rtsisyk/msgpuck/blob/master/debian/changelog#L5

The package is waiting for uploading, I'm not DD.
I added Dmitry E. Oboukhov to CC.

--
WBR,
Roman Tsisyk
http://tarantool.org/ - an efficient in-memory data store and a Lua application server

Bug#849212: msgpuck: CVE-2016-9036: Invalid handling of map16 format in mp_check()
Source: msgpuck
Version: 1.0.3-1
Severity: important
Tags: security upstream
Forwarded: https://github.com/rtsisyk/msgpuck/issues/12

Hi,

the following vulnerability was published for msgpuck.

CVE-2016-9036[0]:
Invalid handling of map16 format in mp_check()

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2016-9036
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9036
[1] https://github.com/rtsisyk/msgpuck/issues/12
[2] http://www.talosintelligence.com/reports/TALOS-2016-0254/

Regards,
Salvatore