Bug#839607: Robustify manager_dispatch_notify_fd()

Wolfgang Karall lists+debian-security at karall-edv.at
Mon Oct 3 07:22:27 BST 2016


Hello Michael,

On 16-10-02 22:36:00, Michael Biebl wrote:
> The news about systemd crashing when getting a zero sized message
> on the notification socket made the rounds recently.  While v215 is
> not directly affected by this crash (the code to access messages of
> length=0 was added in v219)
[..]
> I would propose to fix this in stable via regular stable update but
> would appreciate if the debian-security team would comment on this.
> If they would prefer a security upload I'm happy to do that as well.

https://security-tracker.debian.org/tracker/CVE-2016-7796 says all but
the version in sid are vulnerable to CVE-2016-7796 and reading

https://github.com/systemd/systemd/issues/4234#issuecomment-250441246

this still sounds rather serious, so a security upload would be
appreciated.

Cheers
Wolfgang