[Secure-testing-commits] r44545 - data/CVE

Salvatore Bonaccorso carnil at moszumanska.debian.org
Tue Sep 13 05:14:14 UTC 2016


Author: carnil
Date: 2016-09-13 05:14:14 +0000 (Tue, 13 Sep 2016)
New Revision: 44545

Modified:
   data/CVE/list
Log:
Add CVE-2016-5418/libarchive

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2016-09-13 05:03:44 UTC (rev 44544)
+++ data/CVE/list	2016-09-13 05:14:14 UTC (rev 44545)
@@ -8239,8 +8239,12 @@
 	NOTE: https://curl.haxx.se/docs/adv_20160803A.html
 	NOTE: Fixed by https://curl.haxx.se/CVE-2016-5419.patch
 	NOTE: Wheezy: vulnerable code is in lib/sslgen.c
-CVE-2016-5418
+CVE-2016-5418 [Archive Entry with type 1 (hardlink), but has a non-zero data size file overwrite]
 	RESERVED
+	- libarchive <unfixed>
+	NOTE: Centos patch: https://git.centos.org/blob/rpms!libarchive.git/9952851f8b327a8c93d26a5873c190c1fb09ae6c/SOURCES!libarchive-3.1.2-CVE-2016-5418.patch;jsessionid=1dexz8h9qdewibih5aonbu3
+	NOTE: Centos addition patch: https://git.centos.org/blob/rpms!libarchive.git/9952851f8b327a8c93d26a5873c190c1fb09ae6c/SOURCES!libarchive-3.1.2-CVE-2016-5418-variation.patch;jsessionid=1dexz8h9qdewibih5aonbu3
+	TODO: Red Hat does not yet reference the corresponding (acknowledged) upstream commits, wait for details
 CVE-2016-5417 [per-thread memory leak in __res_vinit with IPv6 nameservers]
 	RESERVED
 	- glibc 2.22-4 (bug #833302)
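
Review bot: both added CentOS NOTE lines carry a trailing ";jsessionid=1dexz8h9qdewibih5aonbu3" on the URL. That is a servlet session identifier from the web viewer, not part of the resource path, so it should be dropped from both links to keep the references stable. In the second NOTE, "Centos addition patch" looks like it should read "additional patch". The bracketed description on the CVE-2016-5418 line is also hard to parse as written; something like "file overwrite via hardlink entry (type 1) with non-zero data size" says the same thing more directly.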



