From ${URL} :

Multiple vulnerabilities were found within the nfcapd netflow collector daemon. An unauthenticated attacker may leverage these vulnerabilities to trigger a denial of service condition within the nfcapd daemon. Two read based heap overflow vulnerabilities were found within the IPFIX processing code and one logic based denial of service was found in the Netflow V9 processing code.

External references:
http://www.security-assessment.com/files/documents/advisory/Nfdump%20nfcapd%201.6.14%20-%20Multiple%20Vulnerabilities.pdf

References:
http://seclists.org/fulldisclosure/2016/May/28

Upstream fixes:
https://github.com/phaag/nfdump/commit/ff0e855bd1f51bed9fc5d8559c64d3cfb475a5d8

@maintainer(s): after the bump, in case we need to stabilize the package, please let us know if it is ready for the stabilization or not.
"07/05/2016 - Updated version released on GitHub" It doesn't look like this happened yet.
Arch teams, please test and mark stable:
=net-analyzer/nfdump-1.6.14-r1
Targeted stable KEYWORDS : amd64 x86
amd64 stable
x86 stable. Maintainer(s), please cleanup. Security, please vote.
GLSA Vote: No.