Accepted collectd 5.1.0-3+deb7u1 (source amd64 all) into oldstable
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Format: 1.8 Date: Thu, 28 Jul 2016 20:52:12 +0200 Source: collectd Binary: collectd-core collectd collectd-utils collectd-dbg collectd-dev libcollectdclient-dev libcollectdclient0 Architecture: source amd64 all Version: 5.1.0-3+deb7u1 Distribution: wheezy-security Urgency: high Maintainer: Sebastian HarlChanged-By: Sebastian Harl Description: collectd - statistics collection and monitoring daemon collectd-core - statistics collection and monitoring daemon (core system) collectd-dbg - statistics collection and monitoring daemon (debugging symbols) collectd-dev - statistics collection and monitoring daemon (development files) collectd-utils - statistics collection and monitoring daemon (utilities) libcollectdclient-dev - client library for collectd's control interface (development file libcollectdclient0 - client library for collectd's control interface Closes: 832507 832577 Changes: collectd (5.1.0-3+deb7u1) wheezy-security; urgency=high . * debian/patches/CVE-2016-6254.dpatch: Fix heap overflow in the network plugin. Emilien Gaspar has identified a heap overflow in parse_packet(), the function used by the network plugin to parse incoming network packets. Thanks to Florian Forster for reporting the bug in Debian. (Closes: #832507, CVE-2016-6254) * debian/patches/bts832577-gcry-control.dpatch: Fix improper usage of gcry_control. A team of security researchers at Columbia University and the University of Virginia discovered that GCrypt's gcry_control is sometimes called without checking its return value for an error. This may cause the program to be initialized without the desired, secure settings. (Closes: #832577) Checksums-Sha1: 64747c23eae5eb7bc8f35db2cc239f041311d055 3303 collectd_5.1.0-3+deb7u1.dsc 55f17b17a10710641a9bf4e8c5332cef661cafcd 1630323 collectd_5.1.0.orig.tar.gz 9d6b74cf6787c65de447b87f755bdd9db90efdb3 71842 collectd_5.1.0-3+deb7u1.diff.gz 8b927cb22580623f421f3a955b03dd00d2451934 920374 collectd-core_5.1.0-3+deb7u1_amd64.deb 18b84f4911ac99f466c978e30a2bfa29654079ec 76722 collectd_5.1.0-3+deb7u1_amd64.deb 3b6c299b1c15bc03ddeb2b4ffb73530b541c3a46 88328 collectd-utils_5.1.0-3+deb7u1_amd64.deb 3275cd70e383366031c6f3635784e8be195482d0 1348782 collectd-dbg_5.1.0-3+deb7u1_amd64.deb 863208f7ff2c5946991b0ab7dddcd47c4464fb2b 71308 libcollectdclient-dev_5.1.0-3+deb7u1_amd64.deb 0676fefeb907e5e30daf0612e0f0e8b4d8c37b96 78338 libcollectdclient0_5.1.0-3+deb7u1_amd64.deb 2bc4a45c6a9486e873e74edfde4226f9b2bea3ce 114422 collectd-dev_5.1.0-3+deb7u1_all.deb Checksums-Sha256: 7635d9a3981b78dde6a9e58e99836ba45166434f41bac2f7875a7e3309de1b31 3303 collectd_5.1.0-3+deb7u1.dsc 8e06c03c5467f3021565570fc86c931a43579aa6dad25ca5999d66850cd19927 1630323 collectd_5.1.0.orig.tar.gz dc924d44e65302e17512cbca3361cf4c3a1ff41431a25ab19711e0b6cda4dca2 71842 collectd_5.1.0-3+deb7u1.diff.gz f031ec20e79100b9feae404df31a9848e1afd6b83be3bd47e73a58c14997484f 920374 collectd-core_5.1.0-3+deb7u1_amd64.deb 5bea8af8dc991d7e23f374ae44b7ada1e61cd6a1a5cbf7006f13e29d508f4c8b 76722 collectd_5.1.0-3+deb7u1_amd64.deb ca032e55d0cf251fe554ae835aac57150b5c7aec8d42daba6497463499b077d5 88328 collectd-utils_5.1.0-3+deb7u1_amd64.deb a1fdb6926a408d381bc2c8894980ba693fb13596ec0e639819225a0067018479 1348782 collectd-dbg_5.1.0-3+deb7u1_amd64.deb c627d6682efe4e8ce92c25a025e97ca95a097938132c6459e6663d126f4690ec 71308 libcollectdclient-dev_5.1.0-3+deb7u1_amd64.deb af08e5e13b013bee5c54e7b6e7ca44f98a188b34dde663f62d31459eb350a259 78338 libcollectdclient0_5.1.0-3+deb7u1_amd64.deb 4cfc3ca2e6d40af92e11d01041c1a3e9c9f3fda35b5163c066d2144f20fc1b0c 114422 collectd-dev_5.1.0-3+deb7u1_all.deb Files: ec071b3432a457be7aa92ddb40f19c45 3303 utils optional collectd_5.1.0-3+deb7u1.dsc adc58a0d448a359ecf737da9398898c6 1630323 utils optional collectd_5.1.0.orig.tar.gz ab73adf73860a69a8364df763cc12f74 71842 utils optional collectd_5.1.0-3+deb7u1.diff.gz 528422ef617cf31a6574bd5e45078416 920374 utils optional collectd-core_5.1.0-3+deb7u1_amd64.deb b47a4d2cef9e24eb4f4cff095a1e06ed 76722 utils optional collectd_5.1.0-3+deb7u1_amd64.deb b7581b8b7fdb55310b6347b37b3cb1af 88328 utils optional collectd-utils_5.1.0-3+deb7u1_amd64.deb 57a731459c918d1f50cec11c5eaec64a 1348782 debug extra collectd-dbg_5.1.0-3+deb7u1_amd64.deb 90eebe78d6a2121ee0e4d74a70827e6c 71308 libdevel optional libcollectdclient-dev_5.1.0-3+deb7u1_amd64.deb 2cce4f4bed850b8083686d30de1707bf 78338 libs optional libcollectdclient0_5.1.0-3+deb7u1_amd64.deb 0f0da4202c516238a9f02a669e4f51ef 114422 utils optional collectd-dev_5.1.0-3+deb7u1_all.deb -BEGIN PGP SIGNATURE- Version: GnuPG v1 iQIcBAEBAgAGBQJXmmCIAAoJEMwFfnIvH/zHkaMQAMRbJZhsmhkxMAPBJ8OpoXPq 9c1+NBsE88PJeLz8tS5CR7oZdn0At3uDy51lrsTFQhFeAnVBEPFkLuCbxw6mrquW MNPi9wlRDIT4aKScd4Rngt62cGDpvT9kPPplwhtxngy4hUPYTrdmq/K8QLLlsT2+
Accepted xmlrpc-epi 0.54.2-1+deb7u1 (source amd64) into oldstable
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Fri, 29 Jul 2016 19:03:02 +0200 Source: xmlrpc-epi Binary: libxmlrpc-epi-dev libxmlrpc-epi0 libxmlrpc-epi0-dbg Architecture: source amd64 Version: 0.54.2-1+deb7u1 Distribution: wheezy-security Urgency: high Maintainer: Robin CorneliusChanged-By: Thorsten Alteholz Description: libxmlrpc-epi-dev - Development files for libxmlrpc-epi0, a XML-RPC request library libxmlrpc-epi0 - XML-RPC request serialisation/deserialisation library libxmlrpc-epi0-dbg - Debug symbols for libxmlrpc-epi0, a XML-RPC request library Changes: xmlrpc-epi (0.54.2-1+deb7u1) wheezy-security; urgency=high . * Non-maintainer upload by the Wheezy LTS Team. * CVE-2016-6296.patch Integer signedness error in the simplestring_addn function in simplestring.c in xmlrpc-epi through 0.54.2, as used in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9, allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a long first argument to the PHP xmlrpc_encode_request function. Checksums-Sha1: 4b5c737cf745cb796b54c70561bbadb2eed5ef2e 2202 xmlrpc-epi_0.54.2-1+deb7u1.dsc 256a790a6e2a61dc8cd6f99b7fb9c61543e3a3aa 526416 xmlrpc-epi_0.54.2.orig.tar.gz b25afc8d4b4840c7f7d92b1afcbee8a8c4abb013 6940 xmlrpc-epi_0.54.2-1+deb7u1.diff.gz 7af3a3ce544275b58cd5e906ddf4cd51a732ef77 54920 libxmlrpc-epi-dev_0.54.2-1+deb7u1_amd64.deb bc4ba308f0f5f123fd71244c0a572a4d3fa2142b 40990 libxmlrpc-epi0_0.54.2-1+deb7u1_amd64.deb 8ba21bb768ad37932371ebb8b568cc78350fb41b 81962 libxmlrpc-epi0-dbg_0.54.2-1+deb7u1_amd64.deb Checksums-Sha256: bc4e4e3399b18408dccab073967545afd16c5ab7e348d6c5436bb537adf5ccda 2202 xmlrpc-epi_0.54.2-1+deb7u1.dsc 397b60f39b51a339a2e505da1b9721a31c3e073aaac6c565de240f4e5356cf13 526416 xmlrpc-epi_0.54.2.orig.tar.gz 6585af6b3a774240dbad18b55f21cb7eb5c44cdcd03a423139c0943d90f355ee 6940 xmlrpc-epi_0.54.2-1+deb7u1.diff.gz abc5cf3e674ff4527d4055044f0799150fff8cb0beebb4f982c4ee44c074f560 54920 libxmlrpc-epi-dev_0.54.2-1+deb7u1_amd64.deb bcdbfe121eb7e1339589fdb206ba3731af42a4e70afa1fbf9febbb192c30b552 40990 libxmlrpc-epi0_0.54.2-1+deb7u1_amd64.deb 88f1450e702517de8a8c962454b7970b596dd95a260def79bfd89c499506a7e9 81962 libxmlrpc-epi0-dbg_0.54.2-1+deb7u1_amd64.deb Files: 2ce6a68a14d734f2ae77743bd4db759d 2202 libs extra xmlrpc-epi_0.54.2-1+deb7u1.dsc ea69b51ce4dbdb1a7223e287a4a96a49 526416 libs extra xmlrpc-epi_0.54.2.orig.tar.gz b26fd4eb0a170e1ecea3f235a3cef8b4 6940 libs extra xmlrpc-epi_0.54.2-1+deb7u1.diff.gz 2ad3c86cba6c256616e6827d863c469e 54920 libdevel extra libxmlrpc-epi-dev_0.54.2-1+deb7u1_amd64.deb f899980f614ca812fcd4bed729997f43 40990 libs extra libxmlrpc-epi0_0.54.2-1+deb7u1_amd64.deb 118e6a11bf110b2a50be0bea66418c31 81962 debug extra libxmlrpc-epi0-dbg_0.54.2-1+deb7u1_amd64.deb -BEGIN PGP SIGNATURE- Version: GnuPG v1 iQJ8BAEBCgBmBQJXm7D6XxSAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXQ2MjAxRkJGRkRCQkRFMDc4MjJFQUJCOTY5 NkZDQUMwRDM4N0I1ODQ3AAoJEJb8rA04e1hH4MsP/1Z4uU7KLuKOvUhh8XsAPp8U CycqITEqNkpwasAbCQoXtXf1hNWZMqQrJ59Ljikzsm0AxypStEKPJ44UB2FEApO+ 2AveRTS/LOO+EVZ2c/nkNu7sm65RTUyuaoTGe+j1M6hoJnN1NRen8WOJgk2H0slZ jL3hpBKvSawBXQ2eMFNhaavWNqcqXiGzyJiXqTiEznbilwxtzER0fYN7k+rUHmH1 fYu2WQQMwINoNbOT+Ukyz6WZ9TlxdfsANbwyHz4dJ/vK0rFAlxRCtoSWfndYDHsA DsL8ifGCXVrRYMQzp2xaB1KFAT3X2vHbeYLk4R21DSP95yvNyqCGGP215muwPL6E hfVZDCZ1CYaY7ZnUVBclotgHOl6lO9A8aP23cyMsTTyFUrQxZNAQYyLDtcduxhrX Qm3EmjOWqZ/RmCbeMVuPrxRnjxoyW5AA9f1J+HEx3Jw1HfPdW98CmKoNly4smLEr tGwRLc8aD3g6my62AQDQVoK8pYd1OPS8M5cui2ZUpGG3WBKthdYSPSMTkFY3FsKg 69OPT8ACBUk2/q3KKAPhVrlDd4IuX8nNhQkQ+pPQ9CEXmQzHnu5CMhQhH/i4fBVc 6urCQw+iyf9ilme0gbXceLyz19lOEjrY8rUK/wreMfKjfo+2M5zGm+YGia4j582A 1OfpuVv2/DR7t1aK9T3l =ggF1 -END PGP SIGNATURE-