[Secure-testing-commits] r44002 - data/CVE

Salvatore Bonaccorso carnil at moszumanska.debian.org
Tue Aug 16 18:47:35 UTC 2016


Author: carnil
Date: 2016-08-16 18:47:35 +0000 (Tue, 16 Aug 2016)
New Revision: 44002

Modified:
   data/CVE/list
Log:
Update status for cracklib2

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2016-08-16 18:38:16 UTC (rev 44001)
+++ data/CVE/list	2016-08-16 18:47:35 UTC (rev 44002)
@@ -1320,7 +1320,9 @@
 CVE-2016-6318 [Stack-based buffer overflow when parsing large GECOS field]
 	RESERVED
 	- cracklib2 <unfixed> (bug #834502)
+	[jessie] - cracklib2 <no-dsa> (Minor issue)
 	NOTE: https://bugzilla.redhat.com/attachment.cgi?id=1188599
+	NOTE: In Debian compiled with CPPFLAGS="-D_FORTIFY_SOURCE=2" so, at most application crash
 CVE-2016-6317 [unsafe query generation in Active Record]
 	RESERVED
 	- rails <unfixed> (bug #834154)
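
Review bot: The NOTE added at the end of the CVE-2016-6318 entry bases the <no-dsa> decision on -D_FORTIFY_SOURCE=2, but it does not record which write in the GECOS parsing path the fortified build actually catches. _FORTIFY_SOURCE only checks libc calls where the compiler knows the destination size, so "at most application crash" holds only if the overflowing copy goes through such a call. Suggest naming the affected function in the NOTE, or pointing to the analysis in bug #834502 or the Red Hat attachment. It would also help to say whether the same reasoning covers suites other than jessie, since only the [jessie] line carries the tag.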



