On 27.03.2015 21:03, Salvatore Bonaccorso wrote:
> Source: slapi-nis
> Version: 0.54-1
> Severity: grave
> Tags: security upstream fixed-upstream
>
> Hi Timo,
>
> the following vulnerability was published for slapi-nis. I was not
> able to verify the issue itself but only checked patch-wise.
>
> CVE-2015-0283[0]:
> infinite loop in getgrnam_r() and getgrgid_r()
>
> If you fix the vulnerability please also make sure to include the
> CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
>
> For further information see:
>
> [0] https://security-tracker.debian.org/tracker/CVE-2015-0283
> [1] https://bugzilla.redhat.com/show_bug.cgi?id=1195729

So I pushed a new upstream version instead of pulling commits, since upstream said it needed all (four) commits between 0.54.1..0.54.2. And .1 brought only two commits more.

But this could be dropped from jessie too if necessary, there are no packages that depend on it.

--
t