[Secure-testing-commits] r44116 - data/CVE
Salvatore Bonaccorso
carnil at moszumanska.debian.org
Wed Aug 24 05:13:05 UTC 2016
Author: carnil
Date: 2016-08-24 05:13:04 +0000 (Wed, 24 Aug 2016)
New Revision: 44116
Modified:
data/CVE/list
Log:
Mark CVE-2016-6318 as fixed with 2.9.2-2
Note for reviewers: I requested a new CVE for a second buffer overflow
uncovered. If MITRE dedices that this still belongs to CVE-2016-6318 I
will update this entry. CVE request is at
http://www.openwall.com/lists/oss-security/2016/08/23/8
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2016-08-23 21:10:11 UTC (rev 44115)
+++ data/CVE/list 2016-08-24 05:13:04 UTC (rev 44116)
@@ -1663,7 +1663,7 @@
CVE-2016-6318 [Stack-based buffer overflow when parsing large GECOS field]
RESERVED
{DLA-599-1}
- - cracklib2 <unfixed> (bug #834502)
+ - cracklib2 2.9.2-2 (bug #834502)
[jessie] - cracklib2 <no-dsa> (Minor issue)
NOTE: https://bugzilla.redhat.com/attachment.cgi?id=1188599
NOTE: In Debian compiled with CPPFLAGS="-D_FORTIFY_SOURCE=2" so, at most application crash
More information about the Secure-testing-commits
mailing list