Hi Roman,

On Sat, Dec 24, 2016 at 12:03:16PM +0300, Roman Tsisyk wrote:
>
> >Friday, December 23, 2016 7:09 PM +03:00 from Salvatore Bonaccorso
> ><car...@debian.org>:
> >
> >Source: msgpuck
> >Version: 1.0.3-1
> >Severity: important
> >Tags: security upstream
> >Forwarded: https://github.com/rtsisyk/msgpuck/issues/12
> >
> >Hi,
> >
> >the following vulnerability was published for msgpuck.
> >
> >CVE-2016-9036[0]:
> >Invalid handling of map16 format in mp_check()
> >
> >If you fix the vulnerability please also make sure to include the
> >CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
> >
> >For further information see:
> >
> >[0] https://security-tracker.debian.org/tracker/CVE-2016-9036
> >    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9036
> >[1] https://github.com/rtsisyk/msgpuck/issues/12
> >[2] http://www.talosintelligence.com/reports/TALOS-2016-0254/
> >
>
> I already prepared a fix for this bug [1].
>
> [1]: https://github.com/rtsisyk/msgpuck/blob/master/debian/changelog#L5
>
> The package is waiting for uploading, I'm not DD.
> I added Dmitry E. Oboukhov to CC.

Alright, thanks a lot!

Regards,
Salvatore