[Secure-testing-commits] r45696 - data/CVE
Moritz Muehlenhoff
jmm at moszumanska.debian.org
Fri Oct 28 08:34:34 UTC 2016
Author: jmm
Date: 2016-10-28 08:34:33 +0000 (Fri, 28 Oct 2016)
New Revision: 45696
Modified:
data/CVE/list
Log:
bug filed for tar
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2016-10-28 08:25:10 UTC (rev 45695)
+++ data/CVE/list 2016-10-28 08:34:33 UTC (rev 45696)
@@ -776,14 +776,12 @@
- qemu-kvm <removed>
NOTE: https://lists.gnu.org/archive/html/qemu-devel/2016-10/msg05495.html
NOTE: http://www.openwall.com/lists/oss-security/2016/10/24/2
- TODO: check affected versions
CVE-2016-8909 [audio: intel-hda: infinite loop in processing dma buffer stream]
RESERVED
- qemu <unfixed> (bug #841950)
- qemu-kvm <removed>
NOTE: https://lists.gnu.org/archive/html/qemu-devel/2016-10/msg04717.html
NOTE: http://www.openwall.com/lists/oss-security/2016/10/24/1
- TODO: check affected versions
CVE-2016-XXXX [Privilege escalation possible to other user than root]
- bash <unfixed> (unimportant; bug #841856)
NOTE: This is strongly related to the problem described in CVE-2016-7543 and the correction
@@ -8159,9 +8157,8 @@
NOT-FOR-US: ovirt-engine
CVE-2016-6321 [Bypassing the extract path name]
RESERVED
- - tar <unfixed>
+ - tar <unfixed> (bug #842339)
NOTE: https://sintonen.fi/advisories/tar-extract-pathname-bypass.txt
- TODO: check
CVE-2016-6320 (Cross-site scripting (XSS) vulnerability in ...)
- foreman <itp> (bug #663101)
CVE-2016-6319 (Cross-site scripting (XSS) vulnerability in app/helpers/form_helper.rb ...)
More information about the Secure-testing-commits
mailing list