[Secure-testing-commits] r40661 - data/CVE

Moritz Muehlenhoff jmm at moszumanska.debian.org
Wed Mar 30 12:05:02 UTC 2016


Author: jmm
Date: 2016-03-30 12:05:02 +0000 (Wed, 30 Mar 2016)
New Revision: 40661

Modified:
   data/CVE/list
Log:
add reference for kamailio advisory
util-linux no-dsa


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2016-03-30 11:35:40 UTC (rev 40660)
+++ data/CVE/list	2016-03-30 12:05:02 UTC (rev 40661)
@@ -2673,6 +2673,8 @@
 CVE-2016-2779 [runuser tty hijacking via TIOCSTI ioctl]
 	RESERVED
 	- util-linux <unfixed> (bug #815922)
+	[jessie] - util-linux <no-dsa> (Minor issue)
+	NOTE: Restricting ioctl on the kernel side seems the better approach
 	[wheezy] - util-linux <not-affected> (runuser[.c] not yet present)
 	[squeeze] - util-linux <not-affected> (runuser[.c] not yet present)
 	NOTE: http://www.openwall.com/lists/oss-security/2016/02/27/1
@@ -3555,6 +3557,7 @@
 	{DSA-3535-1}
 	- kamailio 4.3.4-2 (bug #815178)
 	NOTE: https://github.com/kamailio/kamailio/commit/f50c9c853e7809810099c970780c30b0765b0643
+	NOTE: https://census-labs.com/news/2016/03/30/kamailio-seas-heap-overflow/
 CVE-2016-2384 [Double-free in snd-usbmidi-lib triggered by invalid USB descriptor]
 	RESERVED
 	{DSA-3503-1 DLA-439-1}




More information about the Secure-testing-commits mailing list