[Secure-testing-commits] r48315 - data/CVE

[Salvatore Bonaccorso]

Author: carnil
Date: 2017-01-24 05:36:46 +0000 (Tue, 24 Jan 2017)
New Revision: 48315

Modified:
   data/CVE/list
Log:
Add CVE-2016-10156/systemd

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2017-01-23 23:48:13 UTC (rev 48314)
+++ data/CVE/list	2017-01-24 05:36:46 UTC (rev 48315)
@@ -81,7 +81,11 @@
 CVE-2016-10157 (Akamai NetSession 1.9.3.1 is vulnerable to DLL Hijacking: it tries to ...)
 	TODO: check
 CVE-2016-10156 (A flaw in systemd v228 in /src/basic/fs-util.c caused world writable ...)
-	TODO: check
+	- systemd 229-1
+	NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1020601
+	NOTE: https://github.com/systemd/systemd/commit/06eeacb6fe029804f296b065b3ce91e796e1cd0e (v229)
+	NOTE: https://github.com/systemd/systemd/commit/ee735086f8670be1591fa9593e80dd60163a7a2f (v228)
+	TODO: check for older version, contacted SuSE security team to open https://bugzilla.suse.com/show_bug.cgi?id=1020601
 CVE-2017-XXXX [Reflected XSS vulnerability]
 	- cgiemail <unfixed> (bug #852031)
 	NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2017/01/20/6