[Secure-testing-commits] r45348 - data/CVE

Salvatore Bonaccorso carnil at moszumanska.debian.org
Sun Oct 16 05:41:17 UTC 2016


Author: carnil
Date: 2016-10-16 05:41:17 +0000 (Sun, 16 Oct 2016)
New Revision: 45348

Modified:
   data/CVE/list
Log:
Add CVE-2016-8687/libarchive

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2016-10-16 05:32:54 UTC (rev 45347)
+++ data/CVE/list	2016-10-16 05:41:17 UTC (rev 45348)
@@ -52,6 +52,11 @@
 CVE-2016-8690 [SEGV on unknown address ... bmp_getdata ... bmp_dec.c]
 	- jasper <unfixed>
 	NOTE: CVE ID for the first and fifth items of http://www.openwall.com/lists/oss-security/2016/08/23/6 post
+CVE-2016-8687
+	- libarchive <unfixed>
+	NOTE: https://blogs.gentoo.org/ago/2016/09/11/libarchive-bsdtar-stack-based-buffer-overflow-in-bsdtar_expand_char-util-c/
+	NOTE: Fixed by: https://github.com/libarchive/libarchive/commit/e37b620fe8f14535d737e89a4dcabaed4517bf1a
+	NOTE: https://github.com/libarchive/libarchive/issues/767
 CVE-2016-8670 [Stack Buffer Overflow in GD dynamicGetbuf]
 	{DSA-3693-1}
 	- libgd2 <unfixed> (bug #840805)




More information about the Secure-testing-commits mailing list