[Secure-testing-commits] r46299 - data/CVE
Salvatore Bonaccorso
carnil at moszumanska.debian.org
Fri Nov 18 05:09:20 UTC 2016
Author: carnil
Date: 2016-11-18 05:09:20 +0000 (Fri, 18 Nov 2016)
New Revision: 46299
Modified:
data/CVE/list
Log:
Add CVE-2016-9401/bash
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2016-11-18 05:03:44 UTC (rev 46298)
+++ data/CVE/list 2016-11-18 05:09:20 UTC (rev 46299)
@@ -24,6 +24,10 @@
[jessie] - drupal7 7.32-1+deb8u8
NOTE: Workaround entry for DSA-3718-1 until CVE is assigned
NOTE: https://www.drupal.org/SA-CORE-2016-005
+CVE-2016-9401 [popd controlled free]
+ - bash <unfixed>
+ [jessie] - bash <no-dsa> (Minor issue)
+ NOTE: Upstream bash considers this issue only to be a bug.
CVE-2016-9399 [jpc_dec.c:1650: void calcstepsizes(uint_fast16_t, int, uint_fast16_t *): Assertion `!((expn + (numrlvls - 1) - (numrlvls - 1 - ((bandno > 0) ? ((bandno + 2) / 3) : (0)))) & (~0x1f))' failed.]
- jasper <removed> (unimportant)
NOTE: Testcase: https://github.com/asarubbo/poc/blob/master/00044-jasper-assert-calcstepsizes
More information about the Secure-testing-commits
mailing list