Bug#923323: stretch-pu: CVE-2018-1000872: package python-pykmip/0.5.0-4
Control: tags -1 + confirmed
On Tue, 2019-02-26 at 14:14 +0100, Thomas Goirand wrote:
> Here's the changelog entry:
>
> + * CVE-2018-1000872: Resource Management Errors (similar issue to
> + CVE-2015-5262) vulnerability in PyKMIP server that can result in
> DOS: the
> + server can be made unavailable by one or more clients opening
> all of the
> + available sockets. Applied upstream patch: Fix a denial-of-
> service bug by
> + setting the server socket timeout (Closes: #917030).
>
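Review bot: the last sentence of the entry ("Applied upstream patch: Fix a denial-of-service bug by setting the server socket timeout") names neither the patch file nor the timeout value that is set, so the changelog alone does not show what changed in the server; consider adding the patch file name to the entry. As a style point, "DOS" in the first sentence would read more clearly as "DoS".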
> The security team doesn't think a DSA is needed. Debdiff is attached.
>
Please go ahead.
Regards,
Adam