[Secure-testing-commits] r42913 - in data: . CVE

Thu, 30 Jun 2016 06:28:49 -0700 

Author: pere
Date: 2016-06-30 13:28:21 +0000 (Thu, 30 Jun 2016)
New Revision: 42913

Modified:
   data/CVE/list
   data/dsa-needed.txt
Log:
Add git repo for libarchive work.

Modified: data/CVE/list
===================================================================
--- data/CVE/list       2016-06-30 12:17:54 UTC (rev 42912)
+++ data/CVE/list       2016-06-30 13:28:21 UTC (rev 42913)
@@ -1548,14 +1548,18 @@
        - libarchive 3.2.1-1
        NOTE: https://github.com/libarchive/libarchive/issues/521
        NOTE: Fixed by: 
https://github.com/libarchive/libarchive/commit/603454ec03040c29bd051fcc749e3c1433c11a8e
-CVE-2015-8933
+CVE-2015-8933 [undefined behaviour / signed integer overflow in 
archive_read_format_tar_skip()]
        RESERVED
        - libarchive 3.2.0-2
        NOTE: https://github.com/libarchive/libarchive/issues/548
+       NOTE: https://github.com/libarchive/libarchive/issues/582
+       NOTE: Fixed by: 
https://github.com/libarchive/libarchive/commit/3c7a6dc6694d9b26400d2bd672e04d09ed8a4276
 CVE-2015-8932
        RESERVED
        - libarchive 3.2.0-2
        NOTE: https://github.com/libarchive/libarchive/issues/547
+       NOTE: Fixed by: 
https://github.com/libarchive/libarchive/commit/f0b1dbbc325a2d922015eee402b72edd422cb9ea
 and part of 
https://github.com/libarchive/libarchive/commit/55ce98e829eda3a4356c2be64a778d8740c2cf6c
 and 
https://github.com/libarchive/libarchive/commit/618618c8a6be453f79e0bdbdeab6e1dd8bf429b3
+       NOTE: Part of the problematic code was introduced with commit 
bf4f6ec64ef3edefbc41172692868fb8df514805 to fix 
https://github.com/libarchive/libarchive/issues/356
 CVE-2015-8931
        RESERVED
        - libarchive 3.2.0-2

Modified: data/dsa-needed.txt
===================================================================
--- data/dsa-needed.txt 2016-06-30 12:17:54 UTC (rev 42912)
+++ data/dsa-needed.txt 2016-06-30 13:28:21 UTC (rev 42913)
@@ -26,7 +26,8 @@
 icu
 --
 libarchive
-  Petter Reinholdtsen mentioned on IRC to prepare updates
+  Petter Reinholdtsen mentioned on IRC to prepare updates, working with
+  <URL: 
http://anonscm.debian.org/cgit/collab-maint/libarchive.git/log/?h=debian-jessie 
> 
 --
 libgd2
 --


_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits

Reply via email to