[Secure-testing-commits] r45349 - data/CVE
Salvatore Bonaccorso
carnil at moszumanska.debian.org
Sun Oct 16 05:41:26 UTC 2016
Author: carnil
Date: 2016-10-16 05:41:26 +0000 (Sun, 16 Oct 2016)
New Revision: 45349
Modified:
data/CVE/list
Log:
Add CVe-2016-8688/libarchive
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2016-10-16 05:41:17 UTC (rev 45348)
+++ data/CVE/list 2016-10-16 05:41:26 UTC (rev 45349)
@@ -52,6 +52,14 @@
CVE-2016-8690 [SEGV on unknown address ... bmp_getdata ... bmp_dec.c]
- jasper <unfixed>
NOTE: CVE ID for the first and fifth items of http://www.openwall.com/lists/oss-security/2016/08/23/6 post
+CVE-2016-8688
+ - libarchive <unfixed>
+ NOTE: https://blogs.gentoo.org/ago/2016/09/11/libarchive-bsdtar-heap-based-buffer-overflow-in-detect_form-archive_read_support_format_mtree-c/
+ NOTE: https://blogs.gentoo.org/ago/2016/09/11/libarchive-bsdtar-memory-corruptionunknown-crash-in-bid_entry-archive_read_support_format_mtree-c/
+ NOTE: https://blogs.gentoo.org/ago/2016/09/11/libarchive-bsdtar-heap-based-buffer-overflow-in-bid_entry-archive_read_support_format_mtree-c/
+ NOTE: https://blogs.gentoo.org/ago/2016/09/11/libarchive-bsdtar-use-after-free-in-bid_entry-archive_read_support_format_mtree-c/
+ NOTE: https://blogs.gentoo.org/ago/2016/09/11/libarchive-bsdtar-use-after-free-in-detect_form-archive_read_support_format_mtree-c/
+ NOTE: Fixed by: https://github.com/libarchive/libarchive/commit/eec077f52bfa2d3f7103b4b74d52572ba8a15aca
CVE-2016-8687
- libarchive <unfixed>
NOTE: https://blogs.gentoo.org/ago/2016/09/11/libarchive-bsdtar-stack-based-buffer-overflow-in-bsdtar_expand_char-util-c/
More information about the Secure-testing-commits
mailing list