[Secure-testing-commits] r52082 - data/CVE
Salvatore Bonaccorso
carnil at moszumanska.debian.org
Mon May 29 19:38:45 UTC 2017
Author: carnil
Date: 2017-05-29 19:38:45 +0000 (Mon, 29 May 2017)
New Revision: 52082
Modified:
data/CVE/list
Log:
Update information for CVE-2016-10377
Note for reviewers, please double-check. It looks that the code
introduing use of tot_len (= ntohs(nh->ip_tot_len)) was introduced post
2.3.0+git20140819-1, and thus as well the broken check
OVS_UNLIKELY(tot_len > size)
missing as well the ckeck for ip_len <= tot_len, holds only for later
versions.
I might be wrong, and the issue is still present before that due to
greater code changes. Thus please update the entry in case you disagree
with me.
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2017-05-29 19:31:14 UTC (rev 52081)
+++ data/CVE/list 2017-05-29 19:38:45 UTC (rev 52082)
@@ -33,6 +33,8 @@
RESERVED
CVE-2016-10377 (In Open vSwitch (OvS) 2.5.0, a malformed IP packet can cause the switch ...)
- openvswitch 2.6.1+git20161123-1
+ [jessie] - openvswitch <not-affected> (Vulnerable code using tot_len introduced later)
+ [wheezy] - openvswitch <not-affected> (Vulnerable code using tot_len introduced later)
NOTE: https://mail.openvswitch.org/pipermail/ovs-dev/2016-July/319503.html
CVE-2017-9287 [double free with Paged Results control and pagesize 0]
- openldap 2.4.44+dfsg-5 (bug #863563)
More information about the Secure-testing-commits
mailing list