[Secure-testing-commits] r43236 - data/CVE
Salvatore Bonaccorso
carnil at moszumanska.debian.org
Sat Jul 16 05:30:34 UTC 2016
Author: carnil
Date: 2016-07-16 05:30:32 +0000 (Sat, 16 Jul 2016)
New Revision: 43236
Modified:
data/CVE/list
Log:
Expand note for CVE-2016-4300
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2016-07-16 05:19:17 UTC (rev 43235)
+++ data/CVE/list 2016-07-16 05:30:32 UTC (rev 43236)
@@ -5931,7 +5931,12 @@
NOTE: http://blog.talosintel.com/2016/06/the-poisoned-archives.html
NOTE: http://www.talosintel.com/reports/TALOS-2016-0152/
NOTE: https://github.com/libarchive/libarchive/issues/718
- NOTE: Fixed by: https://github.com/libarchive/libarchive/commit/e79ef306afe332faf22e9b442a2c6b59cb175573 (notice introduction of UMAX_ENTRY)
+ NOTE: Requirement: https://github.com/libarchive/libarchive/commit/3d469df8eaace8297a27ce62befa295c0fdc5a3a
+ NOTE: Fixed by: https://github.com/libarchive/libarchive/commit/e79ef306afe332faf22e9b442a2c6b59cb175573 (v3.2.1)
+ NOTE: Notice introduction of UMAX_ENTRY with 3d469df8eaace8297a27ce62befa295c0fdc5a3a
+ NOTE: Libarchive 3.1.2 and lower has a much smaller "UMAX_ENTRY", which is hardcoded
+ NOTE: in various places before 3d469df8eaace8297a27ce62befa295c0fdc5a3a and has value
+ NOTE: 1000000, making exploitation more difficult but not impossible.
CVE-2016-4299
RESERVED
CVE-2016-4298
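Review bot: The added "Requirement:" line carries no release tag for 3d469df8eaace8297a27ce62befa295c0fdc5a3a, while the "Fixed by:" line is tagged (v3.2.1) and the closing note only covers "3.1.2 and lower", so a reader cannot tell from these lines which limit applies to releases between those two. Suggest tagging the Requirement commit with the first release that contains it. The "Notice introduction of UMAX_ENTRY with 3d469df8..." line cites the same commit as the Requirement line and could be folded into it as a parenthetical, as the removed line did. Minor wording: "3.1.2 and lower has" should read "have", and since the value 1000000 is described as hardcoded "in various places", it would help anyone backporting to say whether all of those places need changing or only the one touched by the fix.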