[Secure-testing-commits] r46755 - data/CVE
Salvatore Bonaccorso
carnil at moszumanska.debian.org
Sat Dec 3 19:38:23 UTC 2016
Author: carnil
Date: 2016-12-03 19:38:22 +0000 (Sat, 03 Dec 2016)
New Revision: 46755
Modified:
data/CVE/list
Log:
Mark CVE-2016-9480/dwarfutils as no-dsa
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2016-12-03 18:50:26 UTC (rev 46754)
+++ data/CVE/list 2016-12-03 19:38:22 UTC (rev 46755)
@@ -6006,10 +6006,13 @@
TODO: check
CVE-2016-9480 (libdwarf 2016-10-21 allows context-dependent attackers to obtain ...)
- dwarfutils 20161124-1
+ [jessie] - dwarfutils <no-dsa> (Minor issue)
NOTE: https://www.prevanders.net/dwarfbug.html#DW201611-006
NOTE: https://sourceforge.net/p/libdwarf/bugs/5/
NOTE: https://sourceforge.net/p/libdwarf/code/ci/5dd64de047cd5ec479fb11fe7ff2692fd819e5e5/
- TODO: check, might not affect older code
+ NOTE: The code has substantially changed in libdwarf/dwarf_util.c from older
+ NOTE: versions, but there seem to be still back then an unchecked dereference
+ NOTE: of val_ptr.
CVE-2016-9479
RESERVED
CVE-2016-9478
More information about the Secure-testing-commits
mailing list