From ${URL} :
Incorrect interaction of the parse_packet() and parse_part_sign_sha256() functions in network.c in collectd allows remote attackers to cause a denial of service (infinite loop) of a collectd instance (configured with "SecurityLevel None" and with empty "AuthFile" options) via a crafted UDP packet.
Upstream bug: https://github.com/collectd/collectd/issues/2174
@maintainer(s): after the bump, in case we need to stabilize the package, please let us know if it is ready for the stabilization or not.
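The failure mode described above, as an added example that is not part of this bug report or of collectd's source: a simplified model of a part-by-part packet parser, assuming the loop arises because the signature handler returns success without consuming its part when no credentials are configured. All names, the type id and the sample packet are hypothetical; an iteration cap stands in for the hang so the code terminates.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define TYPE_SIGN 0x0200 /* hypothetical type id for the signature part */

/* Constructed sample: signature part (8 bytes), then a data part (6 bytes). */
static const uint8_t SAMPLE[] = {0x02, 0x00, 0x00, 0x08, 1, 2, 3, 4,
                                 0x00, 0x01, 0x00, 0x06, 0xAA, 0xBB};

/* Signature handler. With no credentials there is nothing to verify.
 * skip_part=0 models the defect: report success but consume nothing.
 * skip_part=1 models the fix: step over the part before returning. */
static int handle_sign(const uint8_t **buf, size_t *len, size_t part_len,
                       int have_auth, int skip_part) {
  if (!have_auth && !skip_part)
    return 0;
  *buf += part_len;
  *len -= part_len;
  return 0;
}

/* Walks type(2) | length(2) | payload parts. Returns the number of parts,
 * -1 for a rejected packet, -2 when the iteration cap is reached (the
 * stand-in for "never returns"). guard=1 adds a forward-progress check. */
int parse_parts(const uint8_t *buf, size_t len, int have_auth, int skip_part,
                int guard) {
  int parts = 0;
  for (int iter = 0; len >= 4; iter++) {
    if (iter >= 1000)
      return -2;
    size_t before = len;
    uint16_t type = (uint16_t)(buf[0] << 8 | buf[1]);
    size_t part_len = (size_t)(buf[2] << 8 | buf[3]);
    if (part_len < 4 || part_len > len)
      return -1; /* length field must cover the header and fit the buffer */
    if (type == TYPE_SIGN) {
      if (handle_sign(&buf, &len, part_len, have_auth, skip_part) != 0)
        return -1;
    } else {
      buf += part_len;
      len -= part_len;
    }
    if (guard && len >= before)
      return -1; /* a handler returned without consuming anything */
    parts++;
  }
  return parts;
}

int main(void) {
  printf("defect=%d fixed=%d guarded=%d\n",
         parse_parts(SAMPLE, sizeof SAMPLE, 0, 0, 0),
         parse_parts(SAMPLE, sizeof SAMPLE, 0, 1, 0),
         parse_parts(SAMPLE, sizeof SAMPLE, 0, 0, 1));
  return 0;
}
```

The progress check in the dispatcher is defence in depth: it turns any handler that forgets to advance into a dropped packet instead of a spinning receive thread.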
Fixed via https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=06fd84be0f99d0192caf0f4e4f5a713f85a49a7e
Maintainer stabilization via https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=e3c62ade04937c479cadc21cdc20878b71ad05b3
Security cleanup via https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=40cd8316a2dd6fb07907f2f1b38d5828444daefe
@ Security: Please proceed. I don't vote on my own packages.
Maintainer(s), Thank you for your work.
GLSA Vote: No