[Secure-testing-commits] r46806 - data/CVE

Salvatore Bonaccorso Mon, 05 Dec 2016 21:37:32 -0800

Author: carnil
Date: 2016-12-06 05:36:24 +0000 (Tue, 06 Dec 2016)
New Revision: 46806


Modified:
   data/CVE/list
Log:
Add note why CVE-216-8655 is not critical for Debian

Modified: data/CVE/list
===================================================================
--- data/CVE/list       2016-12-06 05:33:36 UTC (rev 46805)
+++ data/CVE/list       2016-12-06 05:36:24 UTC (rev 46806)
@@ -9407,6 +9407,7 @@
        NOTE: http://seclists.org/oss-sec/2016/q4/607
        NOTE: Introduced by: 
https://git.kernel.org/linus/f6fb8f100b807378fda19e83e5ac6828b638603a (v3.2-rc1)
        NOTE: Fixed by: 
https://git.kernel.org/linus/84ac7260236a49c79eede91617700174c2c19b0c (v4.9-rc8)
+       NOTE: Non-privileged user namespaces disabled by default, only 
vulnerable with sysctl kernel.unprivileged_userns_clone=1
 CVE-2016-8654 [Heap-based buffer overflow in QMFB code in JPC codec]
        RESERVED
        - jasper <removed>


_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits

[Secure-testing-commits] r46806 - data/CVE

Reply via email to