[Secure-testing-commits] r39465 - data/CVE
Salvatore Bonaccorso
carnil at moszumanska.debian.org
Thu Feb 4 19:30:50 UTC 2016
Author: carnil
Date: 2016-02-04 19:30:50 +0000 (Thu, 04 Feb 2016)
New Revision: 39465
Modified:
data/CVE/list
Log:
Update CVE-2016-2050/dwarfutils
Note for reviewers: Please double-check here that I drew the right
conclusion and that only dwarfutils/ is affected but is not installed into the
binary package. Thus marking the whole issue as "unimportant".
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2016-02-04 18:37:10 UTC (rev 39464)
+++ data/CVE/list 2016-02-04 19:30:50 UTC (rev 39465)
@@ -952,14 +952,15 @@
- cpio <unfixed> (bug #812401)
NOTE: http://www.openwall.com/lists/oss-security/2016/01/19/4
NOTE: To reproduce and uncover the issue with unstable version compile with ASAN
-CVE-2016-2050 [out of bound write in libdwarf -20151114]
+CVE-2016-2050 [Out-of-bounds write in get_abbrev_array_info]
RESERVED
- - dwarfutils <unfixed>
- [wheezy] - dwarfutils <no-dsa> (Minor issue)
- [jessie] - dwarfutils <no-dsa> (Minor issue)
+ - dwarfutils <unfixed> (unimportant)
NOTE: http://www.openwall.com/lists/oss-security/2016/01/19/9
NOTE: Fixed by http://sourceforge.net/p/libdwarf/code/ci/a05f5e2ae6a5f34daa566975894fc2803d6ec684
- TODO: check versions in Debian
+ NOTE: Reasoning for "unimportant" severity: The affected source code is present
+ NOTE: in dwarfdump/, but in the binary package is installed dwarfdump2/ .
+ NOTE: dwarfdump2 (the C++ implentation) has been abandoned again by upstream in
+ NOTE: fawour of the C version.
CVE-2016-XXXX [Multiple minor security issues]
- imagemagick 8:6.8.9.9-7 (bug #811308)
TODO: check, needs possibly CVEs
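Review bot: The added NOTE lines that justify "unimportant" for CVE-2016-2050 rest only on which directory is installed (affected code in dwarfdump/, binary package built from dwarfdump2/). They do not record whether dwarfdump2/ was checked for an equivalent of get_abbrev_array_info, or whether libdwarf itself, which the old description named ("out of bound write in libdwarf"), is unaffected. Suggest adding a NOTE line stating both checks. The commit log says dwarfutils/ where the NOTE says dwarfdump/, so confirm which directory is meant. Dropping the [wheezy] and [jessie] <no-dsa> entries together with "TODO: check versions in Debian" assumes the same packaging holds in those releases; worth saying so explicitly. Two typos in the new lines: "implentation" should be "implementation" and "fawour" should be "favour".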