[Secure-testing-commits] r45353 - data/CVE

[Salvatore Bonaccorso]

Author: carnil
Date: 2016-10-16 05:59:14 +0000 (Sun, 16 Oct 2016)
New Revision: 45353

Modified:
   data/CVE/list
Log:
Add CVE-2016-867{5,6}/libav

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2016-10-16 05:49:12 UTC (rev 45352)
+++ data/CVE/list	2016-10-16 05:59:14 UTC (rev 45353)
@@ -70,6 +70,14 @@
 	NOTE: https://blogs.gentoo.org/ago/2016/09/11/libarchive-bsdtar-stack-based-buffer-overflow-in-bsdtar_expand_char-util-c/
 	NOTE: Fixed by: https://github.com/libarchive/libarchive/commit/e37b620fe8f14535d737e89a4dcabaed4517bf1a
 	NOTE: https://github.com/libarchive/libarchive/issues/767
+CVE-2016-8676 [Issue that remains after addressing CVE-2016-8675 with e5b019725f53b79159931d3a7317107cbbfd0860]
+	- libav <removed>
+	NOTE: https://blogs.gentoo.org/ago/2016/09/07/libav-null-pointer-dereference-in-get_vlc2_get_bits_h/
+CVE-2016-8675
+	- libav <removed>
+	NOTE: https://blogs.gentoo.org/ago/2016/09/07/libav-null-pointer-dereference-in-get_vlc2_get_bits_h/
+	NOTE: Fixed by: https://github.com/libav/libav/commit/e5b019725f53b79159931d3a7317107cbbfd0860
+	NOTE: Cf. CVE-2016-8676 as well which remain unfixed after e5b019725f53b79159931d3a7317107cbbfd0860
 CVE-2016-8674
 	- mupdf <unfixed>
 	NOTE: Fixed by: http://git.ghostscript.com/?p=mupdf.git;h=1e03c06456d997435019fb3526fa2d4be7dbc6ec