[Secure-testing-commits] r45356 - data/CVE

[Salvatore Bonaccorso]

Author: carnil
Date: 2016-10-16 06:12:23 +0000 (Sun, 16 Oct 2016)
New Revision: 45356

Modified:
   data/CVE/list
Log:
CVE-2016-8679, CVE-2016-8680, CVE-2016-8681 assigned for dwarfutils

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2016-10-16 06:07:39 UTC (rev 45355)
+++ data/CVE/list	2016-10-16 06:12:23 UTC (rev 45356)
@@ -496,15 +496,21 @@
 	NOTE: and no mechanism is currently known by which an attacker who does not
 	NOTE: already have root privileges could induce systemd to send messages
 	NOTE: that would trigger the format string vulnerability.
-CVE-2016-XXXX [dwarf_util.c: heap-based buffer overflow in _dwarf_get_size_of_val]
+CVE-2016-8679 [dwarf_util.c: heap-based buffer overflow in _dwarf_get_size_of_val]
 	- dwarfutils <unfixed>
-	NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2016/10/08/11
-CVE-2016-XXXX [dwarf_util.c: heap-based buffer overflow in _dwarf_get_abbrev_for_code]
+	NOTE: http://www.openwall.com/lists/oss-security/2016/10/08/11
+	NOTE: https://sourceforge.net/p/libdwarf/code/ci/2d14a7792889e33bc542c28d0f3792964c46214f/#diff-13
+	NOTE: https://sourceforge.net/p/libdwarf/code/ci/efe48cad0693d6994d9a7b561e1c3833b073a624/#diff-2
+	NOTE: Same fix as CVE-2016-8681 but different issue
+CVE-2016-8680 [dwarf_util.c: heap-based buffer overflow in _dwarf_get_abbrev_for_code]
 	- dwarfutils <unfixed>
-	NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2016/10/08/12
-CVE-2016-XXXX [dwarf_util.c: heap-based buffer overflow in _dwarf_get_abbrev_for_code second one]
+	NOTE: http://www.openwall.com/lists/oss-security/2016/10/08/12
+	NOTE: https://sourceforge.net/p/libdwarf/code/ci/268c1f18d1d28612af3b72d7c670076b1b88e51c/tree/libdwarf/dwarf_util.c?diff=0b28b923c3bd9827d1d904feed2abadde4fa5de2
+CVE-2016-8681 [dwarf_util.c: heap-based buffer overflow in _dwarf_get_abbrev_for_code second one]
 	- dwarfutils <unfixed>
-	NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2016/10/08/13
+	NOTE: https://sourceforge.net/p/libdwarf/code/ci/2d14a7792889e33bc542c28d0f3792964c46214f/#diff-13
+	NOTE: https://sourceforge.net/p/libdwarf/code/ci/efe48cad0693d6994d9a7b561e1c3833b073a624/#diff-2
+	NOTE: http://www.openwall.com/lists/oss-security/2016/10/08/13
 CVE-2016-8602 [type confusion]
 	RESERVED
 	{DSA-3691-1}