[Secure-testing-commits] r43453 - data/CVE
Salvatore Bonaccorso
carnil at moszumanska.debian.org
Mon Jul 25 13:36:12 UTC 2016
Author: carnil
Date: 2016-07-25 13:36:12 +0000 (Mon, 25 Jul 2016)
New Revision: 43453
Modified:
data/CVE/list
Log:
Add CVE-2016-1238/perl
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2016-07-25 13:36:03 UTC (rev 43452)
+++ data/CVE/list 2016-07-25 13:36:12 UTC (rev 43453)
@@ -16566,8 +16566,14 @@
- duck 0.10
[jessie] - duck <no-dsa> (Will be fixed via point release)
NOTE: https://anonscm.debian.org/cgit/collab-maint/duck.git/commit/?id=b43b5bbf07973c54b8f1c581a941f4facc97177a (0.10)
-CVE-2016-1238
+CVE-2016-1238 [unsafe module load path flaw]
RESERVED
+ - perl <unfixed>
+ - libsys-syslog-perl <removed>
+ NOTE: http://www.nntp.perl.org/group/perl.perl5.porters/2016/07/msg238271.html
+ NOTE: Although more modules and scripts are affected by similar issue and mentioned
+ NOTE: in the DSA/DLA, the CVE is for src:perl (and libsys-syslog-perl beeing dual-lived)
+ NOTE: and thus not adding more source packages here.
CVE-2016-1237 (nfsd in the Linux kernel through 4.6.3 allows local users to bypass ...)
{DSA-3607-1}
- linux 4.6.2-2
More information about the Secure-testing-commits
mailing list