[Secure-testing-commits] r48017 - in data: CVE DSA

Sat Jan 14 07:11:47 UTC 2017

Author: carnil
Date: 2017-01-14 07:11:47 +0000 (Sat, 14 Jan 2017)
New Revision: 48017

Modified:
   data/CVE/list
   data/DSA/list
Log:
Update libebml entries according to jmm's first research and then comparing with TALOS reports and upstream commits from previous DSA

Modified: data/CVE/list
===================================================================

--- data/CVE/list	2017-01-14 06:56:49 UTC (rev 48016)
+++ data/CVE/list	2017-01-14 07:11:47 UTC (rev 48017)
@@ -39229,13 +39229,13 @@
 CVE-2016-1516
 	RESERVED
 CVE-2016-1515 (A use-after-free / double-free vulnerability can occur in libebml ...)
-	- libebml <undetermined>
+	- libebml 1.3.3-1
 	NOTE: http://www.talosintelligence.com/reports/TALOS-2016-0037/
-	NOTE: Looks like a dupe of the issues fixed in DSA-3538-1
+	NOTE: Duplicate of CVE-2015-8789 / DSA-3538-1
 CVE-2016-1514 (A specially crafted unicode string in libebml master branch can cause ...)
-	- libebml <undetermined>
+	- libebml 1.3.3-1
 	NOTE: http://www.talosintelligence.com/reports/TALOS-2016-0036/
-	NOTE: Looks like a dupe of the issues fixed in DSA-3538-1
+	NOTE: Duplicate of CVE-2015-8790 / DSA-3538-1
 CVE-2016-1513 (The Impress tool in Apache OpenOffice 4.1.2 and earlier allows remote ...)
 	{DLA-591-1}
 	- libreoffice 1:4.3.3-1

Modified: data/DSA/list
===================================================================
--- data/DSA/list	2017-01-14 06:56:49 UTC (rev 48016)
+++ data/DSA/list	2017-01-14 07:11:47 UTC (rev 48017)
@@ -709,7 +709,7 @@
 	[wheezy] - srtp 1.4.4+20100615~dfsg-2+deb7u2
 	[jessie] - srtp 1.4.5~20130609~dfsg-1.1+deb8u1
 [31 Mar 2016] DSA-3538-1 libebml - security update
-	{CVE-2015-8789 CVE-2015-8790 CVE-2015-8791}
+	{CVE-2015-8789 CVE-2016-1515 CVE-2015-8790 CVE-2016-1514 CVE-2015-8791}
 	[wheezy] - libebml 1.2.2-2+deb7u1
 	[jessie] - libebml 1.3.0-2+deb8u1
 [31 Mar 2016] DSA-3537-1 imlib2 - security update


