Author: sectracker
Date: 2016-07-21 09:10:12 +0000 (Thu, 21 Jul 2016)
New Revision: 43336
Modified: data/CVE/list Log: automatic update Modified: data/CVE/list =================================================================== --- data/CVE/list 2016-07-21 08:56:30 UTC (rev 43335) +++ data/CVE/list 2016-07-21 09:10:12 UTC (rev 43336) @@ -24,6 +24,7 @@ - dietlibc 0.34~cvs20160606-2 NOTE: http://news.gmane.org/find-root.php?message_id=alpine.DEB.2.20.1607181048300.24083%40tglase.lan.tarent.de CVE-2016-6250 [Integer overflow when verifying filename size] + {DLA-554-1} - libarchive 3.2.1-1 NOTE: https://github.com/libarchive/libarchive/issues/711 NOTE: Fixed by: https://github.com/libarchive/libarchive/commit/3014e19820ea53c15c90f9d447ca3e668a0b76c6 (v3.2.1) @@ -1427,6 +1428,7 @@ RESERVED CVE-2016-5844 [undefined behaviour (integer overflow) in iso parser] RESERVED + {DLA-554-1} - libarchive 3.2.1-1 NOTE: Upstream ticket: https://github.com/libarchive/libarchive/issues/717 NOTE: Upstream fix: https://github.com/libarchive/libarchive/commit/3ad08e01b4d253c66ae56414886089684155af22 (v3.2.1) 
@@ -2724,29 +2726,34 @@ NOTE: Fixed in 5.6.6, 5.5.22 and 5.4.38 CVE-2015-8934 [out of bounds heap read in RAR parser] RESERVED + {DLA-554-1} - libarchive 3.2.1-1 NOTE: https://github.com/libarchive/libarchive/issues/521 NOTE: Fixed by: https://github.com/libarchive/libarchive/commit/603454ec03040c29bd051fcc749e3c1433c11a8e (v3.2.1) CVE-2015-8933 [undefined behaviour / signed integer overflow in archive_read_format_tar_skip()] RESERVED + {DLA-554-1} - libarchive 3.2.0-2 NOTE: https://github.com/libarchive/libarchive/issues/548 NOTE: https://github.com/libarchive/libarchive/issues/582 NOTE: Fixed by: https://github.com/libarchive/libarchive/commit/3c7a6dc6694d9b26400d2bd672e04d09ed8a4276 CVE-2015-8932 RESERVED + {DLA-554-1} - libarchive 3.2.0-2 NOTE: https://github.com/libarchive/libarchive/issues/547 NOTE: Fixed by: https://github.com/libarchive/libarchive/commit/f0b1dbbc325a2d922015eee402b72edd422cb9ea and part of https://github.com/libarchive/libarchive/commit/55ce98e829eda3a4356c2be64a778d8740c2cf6c and https://github.com/libarchive/libarchive/commit/618618c8a6be453f79e0bdbdeab6e1dd8bf429b3 NOTE: Part of the problematic code was introduced with commit bf4f6ec64ef3edefbc41172692868fb8df514805 to fix https://github.com/libarchive/libarchive/issues/356 CVE-2015-8931 RESERVED + {DLA-554-1} - libarchive 3.2.0-2 NOTE: https://github.com/libarchive/libarchive/issues/539 NOTE: Fixed by: https://github.com/libarchive/libarchive/commit/b31744df71084a8734f97199e42418f55d08c6c5 NOTE: Fixed by: https://github.com/libarchive/libarchive/commit/c0c52e9aaafb0860c4151c5374372051e9354301 CVE-2015-8930 RESERVED + {DLA-554-1} - libarchive 3.2.0-2 NOTE: https://github.com/libarchive/libarchive/issues/522 NOTE: Fixed by: https://github.com/libarchive/libarchive/commit/39fc59391b7cf2a007bffce280c1e3e66674258f 
@@ -2772,41 +2779,49 @@ NOTE: Fixed by https://github.com/libarchive/libarchive/commit/eff35d4 CVE-2015-8926 RESERVED + {DLA-554-1} - libarchive 3.2.0-2 NOTE: https://github.com/libarchive/libarchive/issues/518 NOTE: Fixed by https://github.com/libarchive/libarchive/commit/aab73938 CVE-2015-8925 RESERVED + {DLA-554-1} - libarchive 3.2.0-2 NOTE: https://github.com/libarchive/libarchive/issues/516 NOTE: Fixed by https://github.com/libarchive/libarchive/commit/1e18cbb71 CVE-2015-8924 RESERVED + {DLA-554-1} - libarchive 3.2.0-2 NOTE: https://github.com/libarchive/libarchive/issues/515 NOTE: Fixed by https://github.com/libarchive/libarchive/commit/bb9b157 CVE-2015-8923 RESERVED + {DLA-554-1} - libarchive 3.2.0-2 NOTE: https://github.com/libarchive/libarchive/issues/514 NOTE: Fixed by https://github.com/libarchive/libarchive/commit/9e0689c CVE-2015-8922 RESERVED + {DLA-554-1} - libarchive 3.2.0-2 NOTE: https://github.com/libarchive/libarchive/issues/513 NOTE: Fixed by https://github.com/libarchive/libarchive/commit/d094dc CVE-2015-8921 RESERVED + {DLA-554-1} - libarchive 3.2.0-2 NOTE: https://github.com/libarchive/libarchive/issues/512 NOTE: Fixed by https://github.com/libarchive/libarchive/commit/1cbc76f CVE-2015-8920 RESERVED + {DLA-554-1} - libarchive 3.2.0-2 NOTE: https://github.com/libarchive/libarchive/issues/511 NOTE: Fixed by https://github.com/libarchive/libarchive/commit/97f964e CVE-2015-8919 RESERVED + {DLA-554-1} - libarchive 3.2.0-2 NOTE: https://github.com/libarchive/libarchive/issues/510 NOTE: Fixed by https://github.com/libarchive/libarchive/commit/e8a2e4d @@ -2818,6 +2833,7 @@ NOTE: https://github.com/libarchive/libarchive/issues/506 CVE-2015-8917 RESERVED + {DLA-554-1} - libarchive 3.2.0-2 NOTE: https://github.com/libarchive/libarchive/issues/505 NOTE: Fixed by https://github.com/libarchive/libarchive/commit/b2e2abb 
@@ -4593,6 +4609,7 @@ NOTE: https://launchpad.net/bugs/1577558 CVE-2016-4809 [Memory allocate error with symbolic links in cpio archives] RESERVED + {DLA-554-1} - libarchive 3.2.1-1 NOTE: https://github.com/libarchive/libarchive/issues/705 NOTE: Fixed by: https://github.com/libarchive/libarchive/commit/fd7e0c02e272913a0a8b6d492c7260dfca0b1408 (v3.2.1) @@ -6136,6 +6153,7 @@ NOTE: http://www.talosintel.com/reports/TALOS-2016-0164/ CVE-2016-4302 [Libarchive Rar RestartModel Heap Overflow] RESERVED + {DLA-554-1} - libarchive 3.2.1-1 NOTE: http://blog.talosintel.com/2016/06/the-poisoned-archives.html NOTE: http://www.talosintel.com/reports/TALOS-2016-0154/ @@ -6152,6 +6170,7 @@ NOTE: Fixed by: https://github.com/libarchive/libarchive/commit/ecdac4d50db0cf5a0c630ba077729aaa6c5a2dd2 CVE-2016-4300 [7-Zip read_SubStreamsInfo Integer Overflow] RESERVED + {DLA-554-1} - libarchive 3.2.1-1 NOTE: http://blog.talosintel.com/2016/06/the-poisoned-archives.html NOTE: http://www.talosintel.com/reports/TALOS-2016-0152/
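Review bot: in the hunk at @@ -2724,29 +2726,34 @@, CVE-2015-8932, CVE-2015-8931 and CVE-2015-8930 receive the {DLA-554-1} tag but carry no bracketed description, unlike CVE-2015-8934 and CVE-2015-8933 in the same hunk. A reader arriving from the advisory cannot tell what class of bug each id covers without opening the upstream issue; suggest adding a short `[...]` summary taken from the linked issues (547, 539 and 522).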
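Review bot: in the hunk at @@ -2772,41 +2779,49 @@, the fix references for the newly tagged entries are abbreviated commit ids of uneven length, down to six hex characters for CVE-2015-8922 (`commit/d094dc`), while the entries in the other hunks carry full 40-character hashes. With these entries now tied to DLA-554-1, anyone checking the backport has to resolve each fix unambiguously; suggest expanding them to full hashes and using the same `Fixed by:` form (with the colon) as the rest of the list.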