[Secure-testing-commits] r55761 - data/CVE

Thu Sep 14 14:09:55 UTC 2017

Author: carnil
Date: 2017-09-14 14:09:55 +0000 (Thu, 14 Sep 2017)
New Revision: 55761

Modified:
   data/CVE/list
Log:
Add fixed version for libarchive upload

Note: this originally was in 3.2.2-2.1 but there was a 3.2.2-3 upload
not integrating the NMU and thus loosing the CVE fixes. Since the -3
upload was quite shortly after -2.1, the package went never really out
to users. So mark the reuploaded 3.2.2-3.1 as the first fixing version
(although not fully correct).

Modified: data/CVE/list
===================================================================

--- data/CVE/list	2017-09-14 13:52:55 UTC (rev 55760)
+++ data/CVE/list	2017-09-14 14:09:55 UTC (rev 55761)
@@ -762,7 +762,7 @@
 	RESERVED
 CVE-2017-14166 (libarchive 3.3.2 allows remote attackers to cause a denial of service ...)
 	{DLA-1092-1}
-	- libarchive <unfixed> (bug #874539)
+	- libarchive 3.2.2-3.1 (bug #874539)
 	[stretch] - libarchive <no-dsa> (Minor issue)
 	[jessie] - libarchive <no-dsa> (Minor issue)
 	NOTE: http://www.openwall.com/lists/oss-security/2017/09/06/5
@@ -17222,7 +17222,7 @@
 	NOTE: Fixed by: https://github.com/libarchive/libarchive/commit/88eb9e1d73fef46f04677c25b1697b8e25777ed3 (v3.3.0)
 CVE-2016-10349 (The archive_le32dec function in archive_endian.h in libarchive 3.2.2 ...)
 	{DLA-1006-1}
-	- libarchive <unfixed> (bug #861609)
+	- libarchive 3.2.2-3.1 (bug #861609)
 	[stretch] - libarchive <no-dsa> (Minor issue)
 	[jessie] - libarchive <no-dsa> (Minor issue)
 	NOTE: https://github.com/libarchive/libarchive/issues/834
@@ -24893,7 +24893,7 @@
 	NOTE: https://github.com/VirusTotal/yara/issues/576
 CVE-2016-10209 (The archive_wstring_append_from_mbs function in archive_string.c in ...)
 	{DLA-1006-1}
-	- libarchive <unfixed> (low; bug #859456)
+	- libarchive 3.2.2-3.1 (low; bug #859456)
 	[stretch] - libarchive <no-dsa> (Minor issue)
 	[jessie] - libarchive <no-dsa> (Minor issue)
 	NOTE: https://github.com/libarchive/libarchive/issues/842


