Bug#839607: Robustify manager_dispatch_notify_fd()
Salvatore Bonaccorso
carnil at debian.org
Mon Oct 3 12:49:37 BST 2016
Hi,
On Mon, Oct 03, 2016 at 12:48:15PM +0200, Florian Weimer wrote:
> * Michael Biebl:
>
> > Dear security team, I'd appreciate your input on bug #839607
>
> It's a bug, and it should be fixed in stable, probably in a point
> update.
Agreed, and fixing via point release seems okay.
> Does this affect other distributions? In this case, it's best to
> request a CVE ID on the oss-security list.
I think this is already CVE-2016-7796.
There were two CVE assignments for systemd recently, CVE-2016-7795 and
CVE-2016-7796, and assigned here:
https://marc.info/?l=oss-security&m=147521835218986&w=2
CVE-2016-7795 is for
https://github.com/systemd/systemd/issues/4234
https://www.agwa.name/blog/post/how_to_crash_systemd_in_one_tweet
which does not affect stable.
CVE-2016-7796 is for
https://github.com/systemd/systemd/issues/4234#issuecomment-250441246
with fix https://github.com/systemd/systemd/pull/4240 which is this
bug #839607.
Does this look correct to you as well, Florian?
Regards,
Salvatore