[Secure-testing-commits] r38222 - in data: . CVE
Guido Guenther
agx at moszumanska.debian.org
Fri Dec 11 10:14:37 UTC 2015
Author: agx
Date: 2015-12-11 10:14:37 +0000 (Fri, 11 Dec 2015)
New Revision: 38222
Modified:
data/CVE/list
data/dla-needed.txt
Log:
Squeeze's dwarfutils affected by CVE-2015-8538
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2015-12-11 09:48:43 UTC (rev 38221)
+++ data/CVE/list 2015-12-11 10:14:37 UTC (rev 38222)
@@ -1026,6 +1026,7 @@
- dwarfutils <unfixed>
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1289385
NOTE: http://www.openwall.com/lists/oss-security/2015/12/09/2
+ NOTE: http://sourceforge.net/p/libdwarf/code/ci/da724a0bc5eec8e9ec0b0cb0c238a80e34466459/
TODO: check
CVE-2015-8533
RESERVED
Modified: data/dla-needed.txt
===================================================================
--- data/dla-needed.txt 2015-12-11 09:48:43 UTC (rev 38221)
+++ data/dla-needed.txt 2015-12-11 10:14:37 UTC (rev 38222)
@@ -16,6 +16,9 @@
dbconfig-common
NOTE: maintainer should take care of this, cf https://lists.debian.org/565626BF.2010307@debian.org
--
+dwarfutils
+ NOTE: exploit does not crash dwarfutils but _dwarf_get_abbrev_for_code lacks the check
+--
libpng (Thorsten Alteholz)
--
libraw
More information about the Secure-testing-commits
mailing list