[Secure-testing-commits] r43514 - data/CVE
Salvatore Bonaccorso
carnil at moszumanska.debian.org
Wed Jul 27 05:08:56 UTC 2016
Author: carnil
Date: 2016-07-27 05:08:55 +0000 (Wed, 27 Jul 2016)
New Revision: 43514
Modified:
data/CVE/list
Log:
Add CVE-2016-6354/flex
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2016-07-27 04:59:37 UTC (rev 43513)
+++ data/CVE/list 2016-07-27 05:08:55 UTC (rev 43514)
@@ -1,3 +1,9 @@
+CVE-2016-6354 [Buffer overflow in generated code (yy_get_next_buffer); related to num_to_read]
+ - flex <unfixed>
+ [wheezy] - flex <not-affected> (Issue introduced with 2.5.36)
+ NOTE: Intorduced by: https://github.com/westes/flex/commit/9ba3187a537d6a58d345f2874d06087fd4050399 (flex-2-5-36)
+ NOTE: Fixed by: https://github.com/westes/flex/commit/a5cbe929ac3255d371e698f62dc256afe7006466 (v2.6.1)
+ TODO: It needs to be evaluated which reverse reverse build-dependencies or sources using the generated code needs fixing/rebuild
CVE-2016-6351 [scsi: esp: oob write access while reading ESP command]
- qemu <unfixed>
- qemu-kvm <removed>
More information about the Secure-testing-commits
mailing list