[Secure-testing-commits] r45625 - data/CVE
Salvatore Bonaccorso
carnil at moszumanska.debian.org
Wed Oct 26 15:47:41 UTC 2016
Author: carnil
Date: 2016-10-26 15:47:41 +0000 (Wed, 26 Oct 2016)
New Revision: 45625
Modified:
data/CVE/list
Log:
Add bug references for CVE-2016-8859, #842169, #842171
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2016-10-26 14:46:00 UTC (rev 45624)
+++ data/CVE/list 2016-10-26 15:47:41 UTC (rev 45625)
@@ -686,10 +686,10 @@
- imagemagick <not-affected>
NOTE: For incomplete fix of CVE-2016-8862
NOTE: https://blogs.gentoo.org/ago/2016/10/20/imagemagick-memory-allocation-failure-in-acquiremagickmemory-memory-c-incomplete-fix-for-cve-2016-8862/
-CVE-2016-8859
+CVE-2016-8859 [Regex integer overflow in buffer size computations]
RESERVED
- - tre <unfixed>
- - musl <unfixed>
+ - tre <unfixed> (bug #842169)
+ - musl <unfixed> (bug #842171)
NOTE: http://www.openwall.com/lists/oss-security/2016/10/19/1
NOTE: Also check lib/tre-match-parallel.c
NOTE: upstream issue: https://github.com/laurikari/tre/issues/45
More information about the Secure-testing-commits
mailing list