Am 03.10.2016 um 12:11 schrieb Michael Biebl: > Am 03.10.2016 um 08:22 schrieb Wolfgang Karall: >> Hello Michael, >> >> On 16-10-02 22:36:00, Michael Biebl wrote: >>> The news about systemd crashing when getting a zero sized message >>> on the notification socket made the rounds recently. While v215 is >>> not directly affected by this crash (the code to access messages of >>> length=0 was added in v219) >> [..] >>> I would propose to fix this in stable via regular stable update but >>> would appreciate if the debian-security team would comment on this. >>> If they would prefer a security upload I'm happy to do that as well. >> >> https://security-tracker.debian.org/tracker/CVE-2016-7796 says all but >> the version in sid are vulnerable to CVE-2016-7796 and reading > > No, sid is not vulnerable. It has been fixed in 231-9 > >> https://github.com/systemd/systemd/issues/4234#issuecomment-250441246 >> >> this sounds still rather serious, so a security upload would be >> appreciated. >> > > This bugs is *not* about CVE-2016-7796 and as I wrote, stable is not > affected by the crash. > > Are you a member of the security team? I've never seen your name before > so I'm a bit confused as I explicitly asked from input from the security > team. It was pointed out that I used the wrong list and that debian-security@l.d.o is not actually the correct list to contact the debian security team. So apologies for that. I've added team@security.debian.org now and will drop debian-security@lists.debian.org on further replies. Dear security team, I'd appreciate your input on bug #839607 -- Why is it that all of the instruments seeking intelligent life in the universe are pointed away from Earth?
Attachment:
signature.asc
Description: OpenPGP digital signature