Bug#839607: Robustify manager_dispatch_notify_fd()
Michael Biebl
biebl at debian.org
Mon Oct 3 11:40:45 BST 2016
On 03.10.2016 at 12:11, Michael Biebl wrote:
> On 03.10.2016 at 08:22, Wolfgang Karall wrote:
>> Hello Michael,
>>
>> On 16-10-02 22:36:00, Michael Biebl wrote:
>>> The news about systemd crashing when getting a zero sized message
>>> on the notification socket made the rounds recently. While v215 is
>>> not directly affected by this crash (the code to access messages of
>>> length=0 was added in v219)
>> [..]
>>> I would propose to fix this in stable via regular stable update but
>>> would appreciate if the debian-security team would comment on this.
>>> If they would prefer a security upload I'm happy to do that as well.
>>
>> https://security-tracker.debian.org/tracker/CVE-2016-7796 says all but
>> the version in sid are vulnerable to CVE-2016-7796 and reading
>
> No, sid is not vulnerable. It has been fixed in 231-9
>
>> https://github.com/systemd/systemd/issues/4234#issuecomment-250441246
>>
>> this sounds still rather serious, so a security upload would be
>> appreciated.
>>
>
> This bug is *not* about CVE-2016-7796 and as I wrote, stable is not
> affected by the crash.
>
> Are you a member of the security team? I've never seen your name before
> so I'm a bit confused as I explicitly asked for input from the security
> team.

It was pointed out that I used the wrong list and that
debian-security at l.d.o is not actually the correct list to contact the
debian security team. So apologies for that.

I've added team at security.debian.org now and will drop
debian-security at lists.debian.org on further replies.

Dear security team, I'd appreciate your input on bug #839607

--
Why is it that all of the instruments seeking intelligent life in the
universe are pointed away from Earth?