[Secure-testing-commits] r46806 - data/CVE

[Salvatore Bonaccorso]

Author: carnil
Date: 2016-12-06 05:36:24 +0000 (Tue, 06 Dec 2016)
New Revision: 46806

Modified:
   data/CVE/list
Log:
Add note why CVE-216-8655 is not critical for Debian

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2016-12-06 05:33:36 UTC (rev 46805)
+++ data/CVE/list	2016-12-06 05:36:24 UTC (rev 46806)
@@ -9407,6 +9407,7 @@
 	NOTE: http://seclists.org/oss-sec/2016/q4/607
 	NOTE: Introduced by: https://git.kernel.org/linus/f6fb8f100b807378fda19e83e5ac6828b638603a (v3.2-rc1)
 	NOTE: Fixed by: https://git.kernel.org/linus/84ac7260236a49c79eede91617700174c2c19b0c (v4.9-rc8)
+	NOTE: Non-privileged user namespaces disabled by default, only vulnerable with sysctl kernel.unprivileged_userns_clone=1
 CVE-2016-8654 [Heap-based buffer overflow in QMFB code in JPC codec]
 	RESERVED
 	- jasper <removed>