[Secure-testing-commits] r43751 - data/CVE
security tracker role
sectracker at moszumanska.debian.org
Wed Aug 3 21:10:11 UTC 2016
Author: sectracker
Date: 2016-08-03 21:10:11 +0000 (Wed, 03 Aug 2016)
New Revision: 43751
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2016-08-03 19:00:18 UTC (rev 43750)
+++ data/CVE/list 2016-08-03 21:10:11 UTC (rev 43751)
@@ -1,3 +1,27 @@
+CVE-2016-6519
+ RESERVED
+CVE-2016-6518
+ RESERVED
+CVE-2016-6517
+ RESERVED
+CVE-2016-6515
+ RESERVED
+CVE-2016-6514
+ RESERVED
+CVE-2016-6502
+ RESERVED
+CVE-2016-6501
+ RESERVED
+CVE-2016-6500
+ RESERVED
+CVE-2016-6499
+ RESERVED
+CVE-2016-6498
+ RESERVED
+CVE-2016-6497
+ RESERVED
+CVE-2016-6496
+ RESERVED
CVE-2016-6525
- mupdf <unfixed>
NOTE: http://bugs.ghostscript.com/show_bug.cgi?id=696954
@@ -3,15 +27,20 @@
NOTE: Fixed by: http://git.ghostscript.com/?p=mupdf.git;h=39b0f07dd960f34e7e6bf230ffc3d87c41ef0f2e
CVE-2016-6523 [reflected XSS vulnerabilities in media manager]
+ RESERVED
- dotclear <removed>
[jessie] - dotclear <no-dsa> (Minor issue)
NOTE: Fixed by: https://hg.dotclear.org/dotclear/rev/40d0207e520d
CVE-2016-6522
+ RESERVED
NOT-FOR-US: OpenBSD
CVE-2016-6521
+ RESERVED
- grails <itp> (bug #473213)
CVE-2016-6520
+ RESERVED
- imagemagick <unfixed>
NOTE: Fixed by: https://github.com/ImageMagick/ImageMagick/commit/76401e172ea3a55182be2b8e2aca4d07270f6da6
CVE-2016-6516 [double fetch leading to heap overflow]
+ RESERVED
- linux <unfixed>
[jessie] - linux <not-affected> (Vulnerable code introduced later)
@@ -56,6 +85,7 @@
CVE-2016-6484
RESERVED
CVE-2016-6513 [WBXML crash (wnpa-sec-2016-49)]
+ RESERVED
- wireshark 2.0.5+ga3be9c6-1
NOTE: Affects 2.0.0 to 2.0.4, fixed in 2.0.5
NOTE: https://www.wireshark.org/security/wnpa-sec-2016-49.html
@@ -63,6 +93,7 @@
NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=347f071f1b9180563c28b0f3d0627b91eb456c72
NOTE: http://www.openwall.com/lists/oss-security/2016/07/28/3
CVE-2016-6512 [MMSE, WAP, WBXML, and WSP infinite loop (wnpa-sec-2016-48)]
+ RESERVED
- wireshark 2.0.5+ga3be9c6-1
NOTE: Affects 2.0.0 to 2.0.4, fixed in 2.0.5.
NOTE: https://www.wireshark.org/security/wnpa-sec-2016-48.html
@@ -70,6 +101,7 @@
NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=2193bea3212d74e2a907152055e27d409b59485e
NOTE: http://www.openwall.com/lists/oss-security/2016/07/28/3
CVE-2016-6511 [OpenFlow long loop (wnpa-sec-2016-47)]
+ RESERVED
- wireshark 2.0.5+ga3be9c6-1
NOTE: Affects 2.0.0 to 2.0.4, 1.12.0 to 1.12.12, fixed in 2.0.5, 1.12.13.
NOTE: https://www.wireshark.org/security/wnpa-sec-2016-47.html
@@ -77,6 +109,7 @@
NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=56706427f53cc64793870bf072c2c06248ae88f3
NOTE: http://www.openwall.com/lists/oss-security/2016/07/28/3
CVE-2016-6510 [RLC dissector crash (wnpa-sec-2016-46)]
+ RESERVED
- wireshark 2.0.5+ga3be9c6-1
NOTE: Affects 2.0.0 to 2.0.4, 1.12.0 to 1.12.12, fixed in 2.0.5, 1.12.13.
NOTE: https://www.wireshark.org/security/wnpa-sec-2016-46.html
@@ -84,6 +117,7 @@
NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=47a5fa850b388fcf4ea762073806f01b459820fe
NOTE: http://www.openwall.com/lists/oss-security/2016/07/28/3
CVE-2016-6509 [LDSS dissector crash (wnpa-sec-2016-45)]
+ RESERVED
- wireshark 2.0.5+ga3be9c6-1
NOTE: Affects 2.0.0 to 2.0.4, 1.12.0 to 1.12.12, fixed in 2.0.5, 1.12.13.
NOTE: https://www.wireshark.org/security/wnpa-sec-2016-45.html
@@ -91,6 +125,7 @@
NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=5a469ddc893f7c1912d0e15cc73bd3011e6cc2fb
NOTE: http://www.openwall.com/lists/oss-security/2016/07/28/3
CVE-2016-6508 [RLC long loop (wnpa-sec-2016-44)]
+ RESERVED
- wireshark 2.0.5+ga3be9c6-1
NOTE: https://www.wireshark.org/security/wnpa-sec-2016-44.html
NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=12660
@@ -98,6 +133,7 @@
NOTE: Affects 2.0.0 to 2.0.4, 1.12.0 to 1.12.12, fixed in 2.0.5, 1.12.13.
NOTE: http://www.openwall.com/lists/oss-security/2016/07/28/3
CVE-2016-6507 [MMSE infinite loop (wnpa-sec-2016-43)]
+ RESERVED
- wireshark 2.0
NOTE: Only affects 1.12, marking 2.0 as fixed
NOTE: https://www.wireshark.org/security/wnpa-sec-2016-43.html
@@ -106,6 +142,7 @@
NOTE: Affects 1.12.0 to 1.12.12, fixed 1.12.13
NOTE: http://www.openwall.com/lists/oss-security/2016/07/28/3
CVE-2016-6506 [WSP infinite loop (wnpa-sec-2016-42)]
+ RESERVED
- wireshark 2.0.5+ga3be9c6-1
NOTE: https://www.wireshark.org/security/wnpa-sec-2016-42.html
NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=12594
@@ -113,6 +150,7 @@
NOTE: Affects 2.0.0 to 2.0.4, 1.12.0 to 1.12.12 , fixed in 2.0.5, 1.12.13
NOTE: http://www.openwall.com/lists/oss-security/2016/07/28/3
CVE-2016-6505 [PacketBB dissector could divide by zero (wnpa-sec-2016-41)]
+ RESERVED
- wireshark 2.0.5+ga3be9c6-1
NOTE: https://www.wireshark.org/security/wnpa-sec-2016-41.html
NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=12577
@@ -120,6 +158,7 @@
NOTE: Affects 2.0.0 to 2.0.4, 1.12.0 to 1.12.12, fixed in 2.0.5, 1.12.13.
NOTE: http://www.openwall.com/lists/oss-security/2016/07/28/3
CVE-2016-6504 [NDS dissector crash (wnpa-sec-2016-40)]
+ RESERVED
- wireshark 2.0
NOTE: Only affects 1.12, marking 2.0 as fixed
NOTE: https://www.wireshark.org/security/wnpa-sec-2016-40.html
@@ -128,6 +167,7 @@
NOTE: Affects 1.12.0 to 1.12.12, fixed in 1.12.13.
NOTE: http://www.openwall.com/lists/oss-security/2016/07/28/3
CVE-2016-6503 [CORBA IDL dissector crash on 64-bit Windows (wnpa-sec-2016-39)]
+ RESERVED
- wireshark <not-affected> (Only affects Wireshark on Windows)
NOTE: https://www.wireshark.org/security/wnpa-sec-2016-39.html
NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=12495
@@ -647,19 +687,17 @@
RESERVED
CVE-2016-6260
RESERVED
-CVE-2016-6259 [x86: Missing SMAP whitelisting in 32-bit exception / event delivery]
- RESERVED
+CVE-2016-6259 (Xen 4.5.x through 4.7.x do not implement Supervisor Mode Access ...)
- xen <unfixed>
[jessie] - xen <not-affected> (Only affects 4.5 and later)
[wheezy] - xen <not-affected> (Only affects 4.5 and later)
NOTE: http://xenbits.xen.org/xsa/advisory-183.html
-CVE-2016-6258 [x86: Privilege escalation in PV guests]
- RESERVED
+CVE-2016-6258 (The PV pagetable code in arch/x86/mm.c in Xen 4.7.x and earlier allows ...)
{DSA-3633-1 DLA-571-1}
- xen <unfixed>
NOTE: http://xenbits.xen.org/xsa/advisory-182.html
-CVE-2016-6257
- RESERVED
+CVE-2016-6257 (The firmware in Lenovo Ultraslim dongles, as used with Lenovo Liteon ...)
+ TODO: check
CVE-2016-6256
RESERVED
CVE-2016-6254
@@ -1087,8 +1125,7 @@
[wheezy] - zendframework <not-affected> (introduced after 1.12.9)
NOTE: http://framework.zend.com/security/advisory/ZF2016-02
NOTE: https://github.com/zendframework/zf1/commit/bf3f40605be3d8f136a07ae991079a7dcb34d967
-CVE-2016-6232
- RESERVED
+CVE-2016-6232 (Directory traversal vulnerability in KArchive before 5.24, as used in ...)
{DLA-570-1}
- karchive 5.24.0-1
- kde4libs 4:4.14.22-2 (bug #832620)
@@ -1160,10 +1197,10 @@
RESERVED
CVE-2016-6194
RESERVED
-CVE-2016-6193
- RESERVED
-CVE-2016-6192
- RESERVED
+CVE-2016-6193 (Buffer overflow in the Wi-Fi driver in Huawei P8 smartphones with ...)
+ TODO: check
+CVE-2016-6192 (Buffer overflow in the Wi-Fi driver in Huawei P8 smartphones with ...)
+ TODO: check
CVE-2016-1000026
RESERVED
CVE-2016-1000025
@@ -1339,8 +1376,8 @@
RESERVED
CVE-2016-6179
RESERVED
-CVE-2016-6178
- RESERVED
+CVE-2016-6178 (Huawei NE40E and CX600 devices with software before V800R007SPH017; ...)
+ TODO: check
CVE-2016-6177
RESERVED
CVE-2016-6176
@@ -1349,8 +1386,7 @@
- trn <removed> (bug #830294)
[jessie] - trn <no-dsa> (non-free not supported)
[wheezy] - trn <no-dsa> (non-free not supported)
-CVE-2016-6185
- RESERVED
+CVE-2016-6185 (The XSLoader::load method in XSLoader in Perl does not properly locate ...)
{DSA-3628-1 DLA-565-1}
- perl 5.22.2-2 (bug #829578)
CVE-2016-6175
@@ -2459,20 +2495,20 @@
CVE-2016-5743 (Siemens SIMATIC WinCC before 7.3 Update 10 and 7.4 before Update 1, ...)
TODO: check
CVE-2016-5839 (WordPress before 4.5.3 allows remote attackers to bypass the ...)
- {DLA-568-1}
+ {DSA-3639-1 DLA-568-1}
- wordpress 4.5.3+dfsg-1
NOTE: https://wordpress.org/news/2016/06/wordpress-4-5-3/
NOTE: https://core.trac.wordpress.org/ticket/37111
NOTE: https://core.trac.wordpress.org/changeset/37818
CVE-2016-5838 (WordPress before 4.5.3 allows remote attackers to bypass intended ...)
- {DLA-568-1}
+ {DSA-3639-1 DLA-568-1}
- wordpress 4.5.3+dfsg-1
NOTE: https://core.trac.wordpress.org/changeset/37762/
NOTE: https://core.trac.wordpress.org/ticket/37047
NOTE: https://wordpress.org/news/2016/06/wordpress-4-5-3/
TODO: check if this is the correct change, according to announce Michael Adams is reporter, but ticket mentions Jeremy Felt as reporter
CVE-2016-5837 (WordPress before 4.5.3 allows remote attackers to bypass intended ...)
- {DLA-568-1}
+ {DSA-3639-1 DLA-568-1}
- wordpress 4.5.3+dfsg-1
NOTE: https://wordpress.org/news/2016/06/wordpress-4-5-3/
NOTE: Upstream bug: https://core.trac.wordpress.org/ticket/36379
@@ -2483,12 +2519,12 @@
NOTE: Upstream ticket: https://core.trac.wordpress.org/ticket/36767
NOTE: Fixed by (Branch 4.4): https://core.trac.wordpress.org/changeset/37798
CVE-2016-5835 (WordPress before 4.5.3 allows remote attackers to obtain sensitive ...)
- {DLA-568-1}
+ {DSA-3639-1 DLA-568-1}
- wordpress 4.5.3+dfsg-1
NOTE: https://wordpress.org/news/2016/06/wordpress-4-5-3/
NOTE: https://core.trac.wordpress.org/changeset/37800
CVE-2016-5834 (Cross-site scripting (XSS) vulnerability in the wp_get_attachment_link ...)
- {DLA-568-1}
+ {DSA-3639-1 DLA-568-1}
- wordpress 4.5.3+dfsg-1
NOTE: https://wordpress.org/news/2016/06/wordpress-4-5-3/
NOTE: https://core.trac.wordpress.org/changeset/37790/
@@ -2498,7 +2534,7 @@
[wheezy] - wordpress <not-affected> (vulnerable code not present)
NOTE: https://wordpress.org/news/2016/06/wordpress-4-5-3/
CVE-2016-5832 (The customizer in WordPress before 4.5.3 allows remote attackers to ...)
- {DLA-568-1}
+ {DSA-3639-1 DLA-568-1}
- wordpress 4.5.3+dfsg-1
NOTE: https://wordpress.org/news/2016/06/wordpress-4-5-3/
NOTE: Fixed by: https://core.trac.wordpress.org/changeset/37773/
@@ -2737,18 +2773,18 @@
RESERVED
CVE-2016-5672 (Intel Crosswalk before 19.49.514.5, 20.x before 20.50.533.11, 21.x ...)
TODO: check
-CVE-2016-5671
- RESERVED
-CVE-2016-5670
- RESERVED
-CVE-2016-5669
- RESERVED
-CVE-2016-5668
- RESERVED
-CVE-2016-5667
- RESERVED
-CVE-2016-5666
- RESERVED
+CVE-2016-5671 (Multiple cross-site request forgery (CSRF) vulnerabilities on Crestron ...)
+ TODO: check
+CVE-2016-5670 (Crestron Electronics DM-TXRX-100-STR devices with firmware before ...)
+ TODO: check
+CVE-2016-5669 (Crestron Electronics DM-TXRX-100-STR devices with firmware before ...)
+ TODO: check
+CVE-2016-5668 (Crestron Electronics DM-TXRX-100-STR devices with firmware before ...)
+ TODO: check
+CVE-2016-5667 (Crestron Electronics DM-TXRX-100-STR devices with firmware before ...)
+ TODO: check
+CVE-2016-5666 (Crestron Electronics DM-TXRX-100-STR devices with firmware before ...)
+ TODO: check
CVE-2016-5665
RESERVED
CVE-2016-5664
@@ -2800,10 +2836,10 @@
RESERVED
CVE-2016-5641
RESERVED
-CVE-2016-5640
- RESERVED
-CVE-2016-5639
- RESERVED
+CVE-2016-5640 (Directory traversal vulnerability in cgi-bin/rftest.cgi on Crestron ...)
+ TODO: check
+CVE-2016-5639 (Directory traversal vulnerability in cgi-bin/login.cgi on Crestron ...)
+ TODO: check
CVE-2016-5638
RESERVED
CVE-2016-5637 (The restore_tqb_pixels function in libbpg 0.9.5 through 0.9.7 ...)
@@ -3320,18 +3356,21 @@
RESERVED
CVE-2016-5421 [TLS session resumption client cert bypass]
RESERVED
+ {DSA-3638-1}
- curl 7.50.1-1
[wheezy] - curl <not-affected> (introduced in 7.32.0)
NOTE: https://curl.haxx.se/docs/adv_20160803C.html
NOTE: Fixed by https://curl.haxx.se/CVE-2016-5421.patch
CVE-2016-5420 [Re-using connection with wrong client cert]
RESERVED
+ {DSA-3638-1}
- curl 7.50.1-1
NOTE: https://curl.haxx.se/docs/adv_20160803B.html
NOTE: Fixed by https://curl.haxx.se/CVE-2016-5420.patch
NOTE: Wheezy: vulnerable code is in lib/sslgen.c
CVE-2016-5419 [TLS session resumption client cert bypass]
RESERVED
+ {DSA-3638-1}
- curl 7.50.1-1
NOTE: https://curl.haxx.se/docs/adv_20160803A.html
NOTE: Fixed by https://curl.haxx.se/CVE-2016-5419.patch
@@ -3382,8 +3421,7 @@
RESERVED
CVE-2016-5404
RESERVED
-CVE-2016-5403 [virtio: unbounded memory allocation on host via guest leading to DoS]
- RESERVED
+CVE-2016-5403 (The virtqueue_pop function in hw/virtio/virtio.c in QEMU allows local ...)
{DLA-574-1 DLA-573-1}
- qemu <unfixed> (bug #832619)
[jessie] - qemu <no-dsa> (Minor issue; can be fixed in future DSA or point release)
@@ -4034,21 +4072,25 @@
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-81/
CVE-2016-5265
RESERVED
+ {DSA-3640-1}
- firefox 48.0-1
- firefox-esr 45.3.0esr-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-80/
CVE-2016-5264
RESERVED
+ {DSA-3640-1}
- firefox 48.0-1
- firefox-esr 45.3.0esr-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-79/
CVE-2016-5263
RESERVED
+ {DSA-3640-1}
- firefox 48.0-1
- firefox-esr 45.3.0esr-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-78/
CVE-2016-5262
RESERVED
+ {DSA-3640-1}
- firefox 48.0-1
- firefox-esr 45.3.0esr-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-76/
@@ -4064,11 +4106,13 @@
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-74/
CVE-2016-5259
RESERVED
+ {DSA-3640-1}
- firefox 48.0-1
- firefox-esr 45.3.0esr-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-73/
CVE-2016-5258
RESERVED
+ {DSA-3640-1}
- firefox 48.0-1
- firefox-esr 45.3.0esr-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-72/
@@ -4083,6 +4127,7 @@
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-71/
CVE-2016-5254
RESERVED
+ {DSA-3640-1}
- firefox 48.0-1
- firefox-esr 45.3.0esr-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-70/
@@ -4093,6 +4138,7 @@
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-69/
CVE-2016-5252
RESERVED
+ {DSA-3640-1}
- firefox 48.0-1
- firefox-esr 45.3.0esr-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-67/
@@ -4373,8 +4419,8 @@
TODO: check
CVE-2016-5230 (Huawei Mate8 NXT-AL before NXT-AL10C00B182, NXT-CL before ...)
TODO: check
-CVE-2016-5229
- RESERVED
+CVE-2016-5229 (Atlassian Bamboo before 5.11.4.1 and 5.12.x before 5.12.3.1 does not ...)
+ TODO: check
CVE-2016-5228 (Stack-based buffer overflow in the PlayMacro function in ...)
TODO: check
CVE-2016-5227
@@ -5681,8 +5727,8 @@
RESERVED
CVE-2016-4834 (modules/Users/actions/Save.php in Vtiger CRM 6.4.0 and earlier does ...)
TODO: check
-CVE-2016-4833
- RESERVED
+CVE-2016-4833 (Cross-site scripting (XSS) vulnerability in the Nofollow Links plugin ...)
+ TODO: check
CVE-2016-4832
RESERVED
CVE-2016-4831 (Untrusted search path vulnerability in LINE and LINE Installer 4.7.0 ...)
@@ -8862,8 +8908,7 @@
NOTE: Source-wise fixed in 7.49.0
CVE-2016-3738 (Red Hat OpenShift Enterprise 3.2 does not properly restrict access to ...)
NOT-FOR-US: OpenShift Enterprise
-CVE-2016-3737
- RESERVED
+CVE-2016-3737 (The server in Red Hat JBoss Operations Network (JON) before 3.3.6 ...)
NOT-FOR-US: Red Hat / JBoss Operations Network server
CVE-2016-3736
RESERVED
@@ -9132,6 +9177,7 @@
NOTE: Fixed in 5.6.11, 5.5.27, 5.4.43
NOTE: https://bugs.php.net/bug.php?id=69669
CVE-2015-8834 (Cross-site scripting (XSS) vulnerability in wp-includes/wp-db.php in ...)
+ {DSA-3639-1}
- wordpress 4.2.2+dfsg-1
NOTE: https://wordpress.org/news/2015/05/wordpress-4-2-2/
NOTE: Follow-up patch from 4.2.1 -> 4.2.2 for wp-includes/wp-db.php seems not applied
@@ -11330,16 +11376,19 @@
TODO: check details, what is ffmpeg 0.10 supposed to mean?
CVE-2016-2838
RESERVED
+ {DSA-3640-1}
- firefox 48.0-1
- firefox-esr 45.3.0esr-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-64/
CVE-2016-2837
RESERVED
+ {DSA-3640-1}
- firefox 48.0-1
- firefox-esr 45.3.0esr-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-77/
CVE-2016-2836
RESERVED
+ {DSA-3640-1}
- firefox 48.0-1
- firefox-esr 45.3.0esr-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-62/
@@ -11366,6 +11415,7 @@
- firefox 47.0-1
CVE-2016-2830
RESERVED
+ {DSA-3640-1}
- firefox 48.0-1
- firefox-esr 45.3.0esr-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-63/
@@ -12759,8 +12809,8 @@
NOT-FOR-US: Android
CVE-2016-2409 (A Texas Instruments (TI) haptic kernel driver in Android 6.x before ...)
NOT-FOR-US: Android
-CVE-2016-2408
- RESERVED
+CVE-2016-2408 (An unspecified client-side component in Pulse Secure Desktop Client ...)
+ TODO: check
CVE-2016-2407
RESERVED
CVE-2016-2406
@@ -15510,8 +15560,8 @@
NOT-FOR-US: swin.sys kernel driver in McAfee Application Control
CVE-2016-1713
RESERVED
-CVE-2016-1712
- RESERVED
+CVE-2016-1712 (Palo Alto Networks PAN-OS before 5.0.19, 5.1.x before 5.1.12, 6.0.x ...)
+ TODO: check
CVE-2015-8779 (Stack-based buffer overflow in the catopen function in the GNU C ...)
{DSA-3481-1 DSA-3480-1 DLA-411-1}
- glibc 2.21-7 (bug #812455)
@@ -17374,8 +17424,7 @@
- duck 0.10
[jessie] - duck <no-dsa> (Will be fixed via point release)
NOTE: https://anonscm.debian.org/cgit/collab-maint/duck.git/commit/?id=b43b5bbf07973c54b8f1c581a941f4facc97177a (0.10)
-CVE-2016-1238 [unsafe module load path flaw]
- RESERVED
+CVE-2016-1238 ((1) cpan/Archive-Tar/bin/ptar, (2) cpan/Archive-Tar/bin/ptardiff, (3) ...)
{DSA-3628-1 DLA-565-1}
- perl 5.22.2-3
- libsys-syslog-perl <removed>
More information about the Secure-testing-commits
mailing list