Author: carnil Date: 2016-12-06 05:36:24 +0000 (Tue, 06 Dec 2016) New Revision: 46806
Modified: data/CVE/list Log: Add note why CVE-216-8655 is not critical for Debian Modified: data/CVE/list =================================================================== --- data/CVE/list 2016-12-06 05:33:36 UTC (rev 46805) +++ data/CVE/list 2016-12-06 05:36:24 UTC (rev 46806) @@ -9407,6 +9407,7 @@ NOTE: http://seclists.org/oss-sec/2016/q4/607 NOTE: Introduced by: https://git.kernel.org/linus/f6fb8f100b807378fda19e83e5ac6828b638603a (v3.2-rc1) NOTE: Fixed by: https://git.kernel.org/linus/84ac7260236a49c79eede91617700174c2c19b0c (v4.9-rc8) + NOTE: Non-privileged user namespaces disabled by default, only vulnerable with sysctl kernel.unprivileged_userns_clone=1 CVE-2016-8654 [Heap-based buffer overflow in QMFB code in JPC codec] RESERVED - jasper <removed> _______________________________________________ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits