[Secure-testing-commits] r42964 - data/CVE
Markus Koschany
apo at moszumanska.debian.org
Fri Jul 1 17:14:36 UTC 2016
Author: apo
Date: 2016-07-01 17:14:36 +0000 (Fri, 01 Jul 2016)
New Revision: 42964
Modified:
data/CVE/list
Log:
CVE-2015-8916: Mark as not-affected for Wheezy
CVE is not reproducible in Wheezy with reproducer from
https://github.com/libarchive/libarchive/issues/504
but the issue can be triggered with the current version in Stretch.
Hence I assume that the reproducer works but the bug is not present in Wheezy's
version of bsdtar.
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2016-07-01 15:40:19 UTC (rev 42963)
+++ data/CVE/list 2016-07-01 17:14:36 UTC (rev 42964)
@@ -2173,7 +2173,9 @@
CVE-2015-8916
RESERVED
- libarchive 3.2.0-2
+ [wheezy] - libarchive <not-affected> (no segfault, not reproducible with reproducer)
NOTE: https://github.com/libarchive/libarchive/issues/504
+ NOTE: Fixed by https://github.com/libarchive/libarchive/commit/b2e2abb
CVE-2015-8915
RESERVED
- libarchive 3.2.0-2 (low; bug #784213)
More information about the Secure-testing-commits
mailing list