[Secure-testing-commits] r44888 - data/CVE

Salvatore Bonaccorso carnil at moszumanska.debian.org
Sun Sep 25 13:19:43 UTC 2016


Author: carnil
Date: 2016-09-25 13:19:42 +0000 (Sun, 25 Sep 2016)
New Revision: 44888

Modified:
   data/CVE/list
Log:
Add CVE-2016-7545/policycoreutils

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2016-09-25 11:54:15 UTC (rev 44887)
+++ data/CVE/list	2016-09-25 13:19:42 UTC (rev 44888)
@@ -2167,8 +2167,12 @@
 	RESERVED
 CVE-2016-7546
 	RESERVED
-CVE-2016-7545
+CVE-2016-7545 [SELinux sandbox escape via TIOCSTI ioctl]
 	RESERVED
+	- policycoreutils <unfixed>
+	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1378577
+	NOTE: Upstream mailing list discussion: https://marc.info/?t=147463464400001&r=1&w=2
+	NOTE: Upstream fix: https://github.com/SELinuxProject/selinux/commit/acca96a135a4d2a028ba9b636886af99c0915379
 CVE-2016-7544
 	RESERVED
 	- libcrypto++ <not-affected> (Vulnerable code intorduced in 5.6.4, only affects Windows and Microsoft compilers)




More information about the Secure-testing-commits mailing list