Hi,

On Mon, Oct 03, 2016 at 12:48:15PM +0200, Florian Weimer wrote:
> * Michael Biebl:
>
> > Dear security team, I'd appreciate your input on bug #839607
>
> It's a bug, and it should be fixed in stable, probably in a point
> update.

Agreed, and fixing via point release seems okay.

> Does this affect other distributions? In this case, it's best to
> request a CVE ID on the oss-security list.

I think this is already CVE-2016-7796. There were two CVE assignments for systemd recently, CVE-2016-7795 and CVE-2016-7796, and assigned here:

https://marc.info/?l=oss-security&m=147521835218986&w=2

CVE-2016-7795 is for

https://github.com/systemd/systemd/issues/4234
https://www.agwa.name/blog/post/how_to_crash_systemd_in_one_tweet

which does not affect stable.

CVE-2016-7796 is for

https://github.com/systemd/systemd/issues/4234#issuecomment-250441246

with fix

https://github.com/systemd/systemd/pull/4240

which is this bug #839607.

Does this look correct to you as well, Florian?

Regards,
Salvatore