Control: tags -1 + confirmed On Tue, 2019-02-26 at 14:14 +0100, Thomas Goirand wrote: > Here's the changelog entry: > > + * CVE-2018-1000872: Resource Management Errors (similar issue to > + CVE-2015-5262) vulnerability in PyKMIP server that can result in > DOS: the > + server can be made unavailable by one or more clients opening > all of the > + available sockets. Applied upstream patch: Fix a denial-of- > service bug by > + setting the server socket timeout (Closes: #917030). > > The security team doesn't think a DSA is needed. Debdiff is attached. >
Please go ahead. Regards, Adam
