[Secure-testing-commits] r44569 - data/CVE
Salvatore Bonaccorso
carnil at moszumanska.debian.org
Wed Sep 14 04:31:04 UTC 2016
Author: carnil
Date: 2016-09-14 04:30:57 +0000 (Wed, 14 Sep 2016)
New Revision: 44569
Modified:
data/CVE/list
Log:
Add notes for CVE-2016-5418
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2016-09-13 19:59:44 UTC (rev 44568)
+++ data/CVE/list 2016-09-14 04:30:57 UTC (rev 44569)
@@ -8254,6 +8254,12 @@
NOTE: Centos patch: https://git.centos.org/blob/rpms!libarchive.git/9952851f8b327a8c93d26a5873c190c1fb09ae6c/SOURCES!libarchive-3.1.2-CVE-2016-5418.patch;jsessionid=1dexz8h9qdewibih5aonbu3
NOTE: Centos additional patch: https://git.centos.org/blob/rpms!libarchive.git/9952851f8b327a8c93d26a5873c190c1fb09ae6c/SOURCES!libarchive-3.1.2-CVE-2016-5418-variation.patch;jsessionid=1dexz8h9qdewibih5aonbu3
NOTE: Fixed by: https://github.com/libarchive/libarchive/commit/dfd6b54ce33960e420fb206d8872fb759b577ad9
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1362601, relates to upstream bugs #744, #745 and #746
+ NOTE: https://github.com/libarchive/libarchive/issues/743 (umbrella report)
+ NOTE: https://github.com/libarchive/libarchive/issues/744
+ NOTE: https://github.com/libarchive/libarchive/issues/745
+ NOTE: https://github.com/libarchive/libarchive/issues/746
+ TODO: still need to check details about the CVE, cf. comments in Red Hat bugzilla, Salvatore contacted Red Hat
CVE-2016-5417 [per-thread memory leak in __res_vinit with IPv6 nameservers]
RESERVED
- glibc 2.22-4 (bug #833302)
More information about the Secure-testing-commits
mailing list