Changelog
collectd (5.5.2-1) unstable; urgency=high
  * New upstream release.
    - Fix heap overflow in the network plugin. Emilien Gaspar has identified a
      heap overflow in parse_packet(), the function used by the network plugin
      to parse incoming network packets. Thanks to Florian Forster for
      reporting the bug in Debian. (Closes: #832507, CVE-2016-6254)
    - Fix improper usage of gcry_control. A team of security researchers at
      Columbia University and the University of Virginia discovered that
      GCrypt's gcry_control is sometimes called without checking its return
      value for an error. This may cause the program to be initialized without
      the desired, secure settings. (Closes: #832577)
  * debian/patches:
    - bts832577-gcry-control.patch: Update for 5.5.2. Mostly part of the new
      upstream release, except for: Don't abort() if gcrypt initialization
      failed.
    - Drop bts823012_librrd8.patch; merged upstream.
  * Rebuild with linux-libc-dev >= 4.6 (now in testing and unstable) to
    accommodate a change to rtnl_link_stats64. Thanks to Gábor Gombás for
    reporting this (Closes: #829634).

 -- Sebastian Harl <email address hidden>  Fri, 29 Jul 2016 00:02:11 +0200