[Secure-testing-commits] r43339 - data/CVE

Salvatore Bonaccorso carnil at moszumanska.debian.org
Thu Jul 21 14:33:17 UTC 2016


Author: carnil
Date: 2016-07-21 14:33:16 +0000 (Thu, 21 Jul 2016)
New Revision: 43339

Modified:
   data/CVE/list
Log:
Clarify CVE-2016-6262 and CVE-2015-8948

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2016-07-21 14:30:23 UTC (rev 43338)
+++ data/CVE/list	2016-07-21 14:33:16 UTC (rev 43339)
@@ -6,8 +6,11 @@
 CVE-2015-8948 [Solve out-of-bounds-read when reading one zero byte as input]
 	- libidn <unfixed>
 	NOTE: Fix: http://git.savannah.gnu.org/cgit/libidn.git/commit/?id=570e68886c41c2e765e6218cb317d9a9a447a041 (libidn-1-33)
+	NOTE: When fixing this issue, the followup fix http://git.savannah.gnu.org/cgit/libidn.git/commit/?id=5e3cb9c7b5bf0ce665b9d68f5ddf095af5c9ba60
+	NOTE: is required to fix the problem. (Resultet in followup CVE, CVE-2016-6262
+	NOTE: if not applied completely).
 CVE-2016-6262 [Solve out-of-bounds-read when reading one zero byte as input]
-	- libidn <unfixed>
+	- libidn <not-affected> (Incomplete fix for CVE-2015-8948 not applied)
 	NOTE: Follow-up fix for CVE-2015-8948: http://git.savannah.gnu.org/cgit/libidn.git/commit/?id=5e3cb9c7b5bf0ce665b9d68f5ddf095af5c9ba60 (libidn-1-33)
 	NOTE: http://www.openwall.com/lists/oss-security/2016/07/20/6
 CVE-2016-6261 [out-of-bounds stack read in idna_to_ascii_4i]
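Review bot: In the NOTE lines added under CVE-2015-8948, "Resultet" should be "Resulted", and the parenthesis opened on the second NOTE line only closes on the third, so neither line reads correctly on its own. Something like "NOTE: is required to fix the problem (an incomplete fix resulted in the follow-up CVE-2016-6262)." would be clearer. Separately, CVE-2016-6262 is now <not-affected> only because the first fix (570e6888...) has not been applied, while CVE-2015-8948 stays <unfixed>. It would help to say on the CVE-2016-6262 entry that its status must be revisited if 570e6888... is ever applied without 5e3cb9c7..., so the two entries do not drift apart. Both entries also still carry the identical bracketed description, which makes them hard to tell apart in the list.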



