[Secure-testing-commits] r44844 - data/CVE
Salvatore Bonaccorso
carnil at moszumanska.debian.org
Fri Sep 23 17:59:25 UTC 2016
Author: carnil
Date: 2016-09-23 17:59:25 +0000 (Fri, 23 Sep 2016)
New Revision: 44844
Modified:
data/CVE/list
Log:
Update information for CVE-2016-7410
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2016-09-23 17:42:29 UTC (rev 44843)
+++ data/CVE/list 2016-09-23 17:59:25 UTC (rev 44844)
@@ -2451,11 +2451,14 @@
CVE-2016-7410 [Heap buffer overflow in _dwarf_read_loc_section]
RESERVED
- dwarfutils <unfixed> (bug #838019)
- [wheezy] - dwarfutils <not-affected> (reproducer shows no errors with valgrind)
+ [jessie] - dwarfutils <not-affected> (Vulnerable code introduced in later version)
+ [wheezy] - dwarfutils <not-affected> (Vulnerable code introduced in later version)
NOTE: https://www.prevanders.net/dwarfbug.html#DW201609-003
NOTE: http://seclists.org/oss-sec/2016/q3/490
- NOTE: Reproducer does not show any errors (heap-based overflow) for Jessie version too.
- NOTE: The code for _dwarf_read_loc_section looks similar in previous versions, asked upstream.
+ NOTE: Initial addressed upstream in refactoring in:
+ NOTE: https://sourceforge.net/p/libdwarf/code/ci/e12f6c0b69c20f58dccc4505309cf7f974c34dc2
+ NOTE: with final fix/follow up: https://sourceforge.net/p/libdwarf/code/ci/3767305debcba8bd7e1c483ae48c509d25399252
+ NOTE: Introduced by (as confirmed by upstream): https://sourceforge.net/p/libdwarf/code/ci/b446e23dc21704ccd3b76d8945aaf39e4aca8c27
CVE-2016-7409
RESERVED
- dropbear 2016.74-1 (unimportant)
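Review bot: the two added `<not-affected>` lines for [jessie] and [wheezy] justify the status with "Vulnerable code introduced in later version" but never name that version, and the added "Introduced by" NOTE gives only a commit URL. Adding the first upstream release that contains that commit to the NOTE would let a reader check the claim against the versions in each suite without opening the upstream repository. Minor wording: "Initial addressed upstream" in the first added NOTE should read "Initially addressed upstream". The unstable entry is still `<unfixed>` while two fix commits are now referenced, so it will need a follow-up once an upload includes them.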