[Secure-testing-commits] r44116 - data/CVE

Salvatore Bonaccorso carnil at moszumanska.debian.org
Wed Aug 24 05:13:05 UTC 2016


Author: carnil
Date: 2016-08-24 05:13:04 +0000 (Wed, 24 Aug 2016)
New Revision: 44116

Modified:
   data/CVE/list
Log:
Mark CVE-2016-6318 as fixed with 2.9.2-2

Note for reviewers: I requested a new CVE for a second buffer overflow
uncovered. If MITRE decides that this still belongs to CVE-2016-6318 I
will update this entry. CVE request is at

http://www.openwall.com/lists/oss-security/2016/08/23/8

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2016-08-23 21:10:11 UTC (rev 44115)
+++ data/CVE/list	2016-08-24 05:13:04 UTC (rev 44116)
@@ -1663,7 +1663,7 @@
 CVE-2016-6318 [Stack-based buffer overflow when parsing large GECOS field]
 	RESERVED
 	{DLA-599-1}
-	- cracklib2 <unfixed> (bug #834502)
+	- cracklib2 2.9.2-2 (bug #834502)
 	[jessie] - cracklib2 <no-dsa> (Minor issue)
 	NOTE: https://bugzilla.redhat.com/attachment.cgi?id=1188599
 	NOTE: In Debian compiled with CPPFLAGS="-D_FORTIFY_SOURCE=2" so, at most application crash
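
Review bot: The CVE-2016-6318 entry is marked fixed in 2.9.2-2 on the changed `- cracklib2` line, but nothing in the entry itself records that a CVE request for a second buffer overflow is still pending; that caveat lives only in the commit log. Consider adding a line such as `NOTE: http://www.openwall.com/lists/oss-security/2016/08/23/8` below the existing NOTE lines, so anyone reading data/CVE/list sees that the entry may be updated depending on the assignment decision.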



