[Secure-testing-commits] r58805 - data/CVE
Salvatore Bonaccorso
carnil at moszumanska.debian.org
Thu Dec 21 16:41:15 UTC 2017
Author: carnil
Date: 2017-12-21 16:41:15 +0000 (Thu, 21 Dec 2017)
New Revision: 58805
Modified:
data/CVE/list
Log:
Add CVE-2017-16995
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2017-12-21 16:37:27 UTC (rev 58804)
+++ data/CVE/list 2017-12-21 16:41:15 UTC (rev 58805)
@@ -8357,6 +8357,12 @@
NOTE: https://git.kernel.org/pub/scm/linux/kernel/git/davem/net.git/commit/?id=0c17d1d2c61936401f4702e1846e2c19b200f958
CVE-2017-16995
RESERVED
+ - linux <unfixed>
+ [jessie] - linux <not-affected> (Vulnerable code introduced later)
+ [wheezy] - linux <not-affected> (Vulnerable code introduced later)
+ NOTE: https://git.kernel.org/pub/scm/linux/kernel/git/davem/net.git/commit/?id=95a762e2c8c942780948091f8f2a4f32fce1ac6f
+ NOTE: Starting with v4.14, this is exploitable by unprivileged users as long as
+ NOTE: the unprivileged_bpf_disabled sysctl isn't set.
CVE-2016-10702 (Pebble Smartwatch devices through 4.3 mishandle UUID storage, which ...)
NOT-FOR-US: Pebble
CVE-2016-10701 (In Hitachi Vantara Pentaho BA Platform through 8.0, a CSRF issue exists ...)
More information about the Secure-testing-commits
mailing list