
Bug#912169: stretch-pu: package systemd/232-25+deb9u6



Control: tags -1 + confirmed d-i

On Sun, 2018-10-28 at 20:09 +0100, Michael Biebl wrote:
> a recently discovered vulnerability allows a malicious dhcp6 server
> to overwrite heap memory in systemd-networkd. This can lead to a
> crash (DoS) of networkd or in the worst case a remote code execution [1].
> I was contacted by the security team about this issue. As networkd is
> not enabled by default, it wasn't deemed severe enough to be fixed
> via a stable-security upload and a fix via a regular stable upload
> seemed sufficient.
> I already asked for a stable upload for 9.6 in [2]. I'm not sure what
> the procedure is in such a case. Should I reupload 232-25+deb9u5 with
> this fix included or make a 232-25+deb9u6 upload?

+deb9u5 is already effectively released, as p-u is mirrored and used,
so this would want to be +deb9u6 (once KiBi-acked).

Regards,

Adam

