[Secure-testing-commits] r42913 - in data: . CVE

Petter Reinholdtsen pere at moszumanska.debian.org
Thu Jun 30 13:28:21 UTC 2016


Author: pere
Date: 2016-06-30 13:28:21 +0000 (Thu, 30 Jun 2016)
New Revision: 42913

Modified:
   data/CVE/list
   data/dsa-needed.txt
Log:
Add git repo for libarchive work.

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2016-06-30 12:17:54 UTC (rev 42912)
+++ data/CVE/list	2016-06-30 13:28:21 UTC (rev 42913)
@@ -1548,14 +1548,18 @@
 	- libarchive 3.2.1-1
 	NOTE: https://github.com/libarchive/libarchive/issues/521
 	NOTE: Fixed by: https://github.com/libarchive/libarchive/commit/603454ec03040c29bd051fcc749e3c1433c11a8e
-CVE-2015-8933
+CVE-2015-8933 [undefined behaviour / signed integer overflow in archive_read_format_tar_skip()]
 	RESERVED
 	- libarchive 3.2.0-2
 	NOTE: https://github.com/libarchive/libarchive/issues/548
+	NOTE: https://github.com/libarchive/libarchive/issues/582
+	NOTE: Fixed by: https://github.com/libarchive/libarchive/commit/3c7a6dc6694d9b26400d2bd672e04d09ed8a4276
 CVE-2015-8932
 	RESERVED
 	- libarchive 3.2.0-2
 	NOTE: https://github.com/libarchive/libarchive/issues/547
+	NOTE: Fixed by: https://github.com/libarchive/libarchive/commit/f0b1dbbc325a2d922015eee402b72edd422cb9ea and part of https://github.com/libarchive/libarchive/commit/55ce98e829eda3a4356c2be64a778d8740c2cf6c and https://github.com/libarchive/libarchive/commit/618618c8a6be453f79e0bdbdeab6e1dd8bf429b3
+	NOTE: Part of the problematic code was introduced with commit bf4f6ec64ef3edefbc41172692868fb8df514805 to fix https://github.com/libarchive/libarchive/issues/356
 CVE-2015-8931
 	RESERVED
 	- libarchive 3.2.0-2
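
Review bot: The "Fixed by" NOTE added under CVE-2015-8932 joins three commit URLs on one line with "and part of ... and", so it is unclear whether "part of" applies only to 55ce98e829eda3a4356c2be64a778d8740c2cf6c or also to 618618c8a6be453f79e0bdbdeab6e1dd8bf429b3. Suggest one NOTE line per commit, marking the partial one explicitly. The NOTE after it cites bf4f6ec64ef3edefbc41172692868fb8df514805 as a bare hash, while every other commit reference in this hunk is a full GitHub URL, so using the commit URL there would keep the entry consistent. CVE-2015-8932 also stays without a bracketed description, although CVE-2015-8933 gains one in the same hunk.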

Modified: data/dsa-needed.txt
===================================================================
--- data/dsa-needed.txt	2016-06-30 12:17:54 UTC (rev 42912)
+++ data/dsa-needed.txt	2016-06-30 13:28:21 UTC (rev 42913)
@@ -26,7 +26,8 @@
 icu
 --
 libarchive
-  Petter Reinholdtsen mentioned on IRC to prepare updates
+  Petter Reinholdtsen mentioned on IRC to prepare updates, working with
+  <URL: http://anonscm.debian.org/cgit/collab-maint/libarchive.git/log/?h=debian-jessie > 
 --
 libgd2
 --
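
Review bot: The added URL line in the libarchive entry ends with a trailing space after the closing ">" and has a stray space before it inside the "<URL: ... >" wrapper. Suggest removing both so the link can be copied cleanly. The entry links to the log view of the debian-jessie branch but does not say which of the pending libarchive CVEs that branch is meant to cover, and a short mention would help whoever picks up the DSA.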
