[Secure-testing-commits] r48107 - data/CVE

[Antoine Beaupré]

Author: anarcat
Date: 2017-01-16 18:08:18 +0000 (Mon, 16 Jan 2017)
New Revision: 48107

Modified:
   data/CVE/list
Log:
assign temporary descriptions to libical issues



Modified: data/CVE/list
===================================================================
--- data/CVE/list	2017-01-16 18:02:15 UTC (rev 48106)
+++ data/CVE/list	2017-01-16 18:08:18 UTC (rev 48107)
@@ -24824,29 +24824,29 @@
 	[wheezy] - linux <not-affected> (Introduced in v3.10-rc1)
 	NOTE: https://patchwork.ozlabs.org/patch/636776/
 	NOTE: Introduced in https://git.kernel.org/linus/bc2a9408fa65195288b41751016c36fd00a75a85 (v3.10-rc1)
-CVE-2016-5827
+CVE-2016-5827 [Heap overread in libical icalparser_parse_string -> icaltime_from_string function]
 	RESERVED
 	- libical <unfixed>
 	[wheezy] - libical <no-dsa> (Low prio according to upstream)
 	NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=1281043
 	TODO: check
-CVE-2016-5826
+CVE-2016-5826 [Heap overread in libical icalparser_parse_string -> parser_get_next_char]
 	RESERVED
 	- libical <unfixed>
 	[wheezy] - libical <no-dsa> (Low prio according to upstream)
 	NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=1281041
 	TODO: check
-CVE-2016-5825
+CVE-2016-5825 [Heap buffer overread in libical (icalparser_parse_string function)]
 	RESERVED
 	- libical <unfixed>
 	[wheezy] - libical <no-dsa> (Low prio according to upstream)
 	NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=1280832
-CVE-2016-5824
+CVE-2016-5824 [Handful use-after-free crashes in libical (used in Thunderbird)]
 	RESERVED
 	- libical <unfixed>
 	NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=1275400
 	NOTE: Reproducer: https://bugzilla.mozilla.org/attachment.cgi?id=8757553
-CVE-2016-5823
+CVE-2016-5823 [Libical attempting free on address which was not malloc()-ed]
 	RESERVED
 	- libical 1.0-1
 	[wheezy] - libical <no-dsa> (Only possible denial of service, not severe enough to solve)