Re: Bug#839607: Robustify manager_dispatch_notify_fd()
- To: Florian Weimer <fw@deneb.enyo.de>, 839607@bugs.debian.org
- Cc: Michael Biebl <biebl@debian.org>, Wolfgang Karall <lists+debian-security@karall-edv.at>, "debian-security@lists.debian.org" <debian-security@lists.debian.org>, "team@security.debian.org" <team@security.debian.org>
- Subject: Re: Bug#839607: Robustify manager_dispatch_notify_fd()
- From: Salvatore Bonaccorso <carnil@debian.org>
- Date: Mon, 3 Oct 2016 13:49:37 +0200
- Message-id: <20161003114937.as6ch2wfxaxh6mmc@eldamar.local>
- Mail-followup-to: Florian Weimer <fw@deneb.enyo.de>, 839607@bugs.debian.org, Michael Biebl <biebl@debian.org>, Wolfgang Karall <lists+debian-security@karall-edv.at>, "debian-security@lists.debian.org" <debian-security@lists.debian.org>, "team@security.debian.org" <team@security.debian.org>
- In-reply-to: <87vax93dzk.fsf@mid.deneb.enyo.de>
- References: <20161003062227.GA5956@lenny.fqdn.at> <ff6c7dcf-1ac1-6f3f-7612-365dbc61d20e@debian.org> <b1f9c960-4ed6-6b61-e5bc-6c7c702073fa@debian.org> <87vax93dzk.fsf@mid.deneb.enyo.de>

Hi,

On Mon, Oct 03, 2016 at 12:48:15PM +0200, Florian Weimer wrote:
> * Michael Biebl:
>
> > Dear security team, I'd appreciate your input on bug #839607
>
> It's a bug, and it should be fixed in stable, probably in a point
> update.

Agreed, and fixing via point release seems okay.

> Does this affect other distributions? In this case, it's best to
> request a CVE ID on the oss-security list.

I think this is already CVE-2016-7796.

There were two CVE assignments for systemd recently, CVE-2016-7795 and
CVE-2016-7796, and assigned here:

https://marc.info/?l=oss-security&m=147521835218986&w=2

CVE-2016-7795 is for
https://github.com/systemd/systemd/issues/4234
https://www.agwa.name/blog/post/how_to_crash_systemd_in_one_tweet
which does not affect stable.

CVE-2016-7796 is for
https://github.com/systemd/systemd/issues/4234#issuecomment-250441246
with fix https://github.com/systemd/systemd/pull/4240 which is this
bug #839607.

Does this look correct to you as well, Florian?

Regards,
Salvatore