[Secure-testing-commits] r38222 - in data: . CVE

Guido Guenther agx at moszumanska.debian.org
Fri Dec 11 10:14:37 UTC 2015


Author: agx
Date: 2015-12-11 10:14:37 +0000 (Fri, 11 Dec 2015)
New Revision: 38222

Modified:
   data/CVE/list
   data/dla-needed.txt
Log:
Squeeze's dwarfutils affected by CVE-2015-8538

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2015-12-11 09:48:43 UTC (rev 38221)
+++ data/CVE/list	2015-12-11 10:14:37 UTC (rev 38222)
@@ -1026,6 +1026,7 @@
 	- dwarfutils <unfixed>
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1289385
 	NOTE: http://www.openwall.com/lists/oss-security/2015/12/09/2
+	NOTE: http://sourceforge.net/p/libdwarf/code/ci/da724a0bc5eec8e9ec0b0cb0c238a80e34466459/
 	TODO: check
 CVE-2015-8533
 	RESERVED

Modified: data/dla-needed.txt
===================================================================
--- data/dla-needed.txt	2015-12-11 09:48:43 UTC (rev 38221)
+++ data/dla-needed.txt	2015-12-11 10:14:37 UTC (rev 38222)
@@ -16,6 +16,9 @@
 dbconfig-common
   NOTE: maintainer should take care of this, cf https://lists.debian.org/565626BF.2010307@debian.org
 --
+dwarfutils
+  NOTE: exploit does not crash dwarfutils but _dwarf_get_abbrev_for_code lacks the check
+--
 libpng (Thorsten Alteholz)
 --
 libraw




More information about the Secure-testing-commits mailing list