[Git][security-tracker-team/security-tracker][master] Update status for CVE-2016-1243 and CVE-2016-1244

Salvatore Bonaccorso (@carnil) carnil at debian.org
Thu Sep 28 10:03:32 BST 2023



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
4dfa1dd5 by Salvatore Bonaccorso at 2023-09-28T11:01:46+02:00
Update status for CVE-2016-1243 and CVE-2016-1244

While the security fixes did include the CVE patches, the upload to
unstable 0.7.11a-4 did omit those and so the issue was never fixed for
subsequent releases.

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -471727,10 +471727,14 @@ CVE-2016-1245 (It was discovered that the zebra daemon in Quagga before 1.0.2016
 	NOTE: https://lists.quagga.net/pipermail/quagga-users/2016-October/014478.html
 CVE-2016-1244 (The extractTree function in unADF allows remote attackers to execute a ...)
 	{DSA-3676-1 DLA-631-1}
-	- unadf 0.7.11a-4 (bug #838248)
+	- unadf <unfixed> (bug #838248)
+	NOTE: Fixed by: https://github.com/lclevy/ADFlib/commit/8e973d7b894552c3a3de0ccd2d1e9cb0b8e618dd
+	NOTE: The changes between 0.7.11a-3 and 0.7.11a-4 did not include the upstream fix.
 CVE-2016-1243 (Stack-based buffer overflow in the extractTree function in unADF allow ...)
 	{DSA-3676-1 DLA-631-1}
-	- unadf 0.7.11a-4 (bug #838248)
+	- unadf <unfixed> (bug #838248)
+	NOTE: Fixed by: https://github.com/lclevy/ADFlib/commit/8e973d7b894552c3a3de0ccd2d1e9cb0b8e618dd
+	NOTE: The changes between 0.7.11a-3 and 0.7.11a-4 did not include the upstream fix.
 CVE-2016-1242 (file_open in Tryton before 3.2.17, 3.4.x before 3.4.14, 3.6.x before 3 ...)
 	{DSA-3656-1 DLA-607-1}
 	- tryton-server 4.0.4-1
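
Review bot: The added NOTE lines under CVE-2016-1244 and CVE-2016-1243 record that 0.7.11a-4 lacked the upstream fix, but not that the uploads behind DSA-3676-1 and DLA-631-1 did carry the patches; that half of the explanation exists only in the commit message. A reader of data/CVE/list who sees "<unfixed>" next to "{DSA-3676-1 DLA-631-1}" has no way to tell from the file that the advisories themselves were correct. Consider one more NOTE on each entry stating that the DSA/DLA uploads included the CVE patches and only the unstable upload dropped them. The two entries share bug #838248 and the same upstream commit, so the identical notes on both are fine as they stand.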



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4dfa1dd5578d343bf3f7234f8595671ab5f78185
