[Secure-testing-commits] r44566 - data/CVE
Salvatore Bonaccorso
carnil at moszumanska.debian.org
Tue Sep 13 19:49:56 UTC 2016
Author: carnil
Date: 2016-09-13 19:49:56 +0000 (Tue, 13 Sep 2016)
New Revision: 44566
Modified:
data/CVE/list
Log:
Add bug reference for CVE-2016-5418, #837714
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2016-09-13 19:21:33 UTC (rev 44565)
+++ data/CVE/list 2016-09-13 19:49:56 UTC (rev 44566)
@@ -8250,7 +8250,7 @@
NOTE: Wheezy: vulnerable code is in lib/sslgen.c
CVE-2016-5418 [Archive Entry with type 1 (hardlink), but has a non-zero data size file overwrite]
RESERVED
- - libarchive <unfixed>
+ - libarchive <unfixed> (bug #837714)
NOTE: Centos patch: https://git.centos.org/blob/rpms!libarchive.git/9952851f8b327a8c93d26a5873c190c1fb09ae6c/SOURCES!libarchive-3.1.2-CVE-2016-5418.patch;jsessionid=1dexz8h9qdewibih5aonbu3
NOTE: Centos additional patch: https://git.centos.org/blob/rpms!libarchive.git/9952851f8b327a8c93d26a5873c190c1fb09ae6c/SOURCES!libarchive-3.1.2-CVE-2016-5418-variation.patch;jsessionid=1dexz8h9qdewibih5aonbu3
NOTE: Fixed by: https://github.com/libarchive/libarchive/commit/dfd6b54ce33960e420fb206d8872fb759b577ad9
More information about the Secure-testing-commits
mailing list