[Secure-testing-commits] r43332 - in data: CVE DLA

Salvatore Bonaccorso carnil at moszumanska.debian.org
Thu Jul 21 06:57:30 UTC 2016 

Author: carnil
Date: 2016-07-21 06:57:30 +0000 (Thu, 21 Jul 2016)
New Revision: 43332

Modified:
   data/CVE/list
   data/DLA/list
Log:
CVE-2016-6250 assigned for libarchive issue

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2016-07-21 06:17:02 UTC (rev 43331)
+++ data/CVE/list	2016-07-21 06:57:30 UTC (rev 43332)
@@ -23,13 +23,11 @@
 CVE-2016-XXXX [insecure default PATH]
 	- dietlibc 0.34~cvs20160606-2
 	NOTE: http://news.gmane.org/find-root.php?message_id=alpine.DEB.2.20.1607181048300.24083%40tglase.lan.tarent.de
-CVE-2016-XXXX [Integer overflow when verifying filename size]
+CVE-2016-6250 [Integer overflow when verifying filename size]
 	- libarchive 3.2.1-1
-	[wheezy] - libarchive 3.0.4-3+wheezy2
-	NOTE: Workaround entry for DLA-554-1 until CVE is assigned
 	NOTE: https://github.com/libarchive/libarchive/issues/711
 	NOTE: Fixed by: https://github.com/libarchive/libarchive/commit/3014e19820ea53c15c90f9d447ca3e668a0b76c6 (v3.2.1)
-	NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2016/07/20/1
+	NOTE: http://www.openwall.com/lists/oss-security/2016/07/20/1
 CVE-2016-6252 [incorrect integer handling]
 	- shadow <unfixed>
 CVE-2016-6251 [potentially unsafe use of getlogin]

Modified: data/DLA/list
===================================================================
--- data/DLA/list	2016-07-21 06:17:02 UTC (rev 43331)
+++ data/DLA/list	2016-07-21 06:57:30 UTC (rev 43332)
@@ -1,5 +1,5 @@
 [21 Jul 2016] DLA-554-1 libarchive - security update
-	{CVE-2015-8917 CVE-2015-8919 CVE-2015-8920 CVE-2015-8921 CVE-2015-8922 CVE-2015-8923 CVE-2015-8924 CVE-2015-8925 CVE-2015-8926 CVE-2015-8930 CVE-2015-8931 CVE-2015-8932 CVE-2015-8933 CVE-2015-8934 CVE-2016-4300 CVE-2016-4302 CVE-2016-4809 CVE-2016-5844}
+	{CVE-2015-8917 CVE-2015-8919 CVE-2015-8920 CVE-2015-8921 CVE-2015-8922 CVE-2015-8923 CVE-2015-8924 CVE-2015-8925 CVE-2015-8926 CVE-2015-8930 CVE-2015-8931 CVE-2015-8932 CVE-2015-8933 CVE-2015-8934 CVE-2016-4300 CVE-2016-4302 CVE-2016-4809 CVE-2016-5844 CVE-2016-6250}
 	[wheezy] - libarchive 3.0.4-3+wheezy2
 [20 Jul 2016] DLA-553-1 apache2 - security update
 	{CVE-2016-5387}

More information about the Secure-testing-commits mailing list