author | security tracker role <sectracker@soriano.debian.org> | 2018-07-26 20:10:23 +0000 |
---|---|---|
committer | security tracker role <sectracker@soriano.debian.org> | 2018-07-26 20:10:23 +0000 |
commit | 137808f0de8bf75c65bab662a04b0d7ab296f2c9 (patch) | |
tree | 4ceeda90f7fea0b1c140daec258a410aa4292610 /data | |
parent | 29254756fbde575b659bf7fa19821f7a844511f3 (diff) |
automatic update
Diffstat (limited to 'data')
-rw-r--r-- | data/CVE/list | 135 |
1 files changed, 54 insertions, 81 deletions
diff --git a/data/CVE/list b/data/CVE/list index 34a3f0aefd..2e376946fa 100644 --- a/data/CVE/list +++ b/data/CVE/list @@ -1,3 +1,5 @@ +CVE-2017-18344 (The timer_create syscall implementation in kernel/time/posix-timers.c ...) + TODO: check CVE-2018-14597 RESERVED CVE-2018-1002208 (sharplibzip before 1.0 RC1 is vulnerable to directory traversal, ...) @@ -9286,12 +9288,10 @@ CVE-2018-10903 [GCM tag forgery via truncated tag in finalize_with_tag API] NOTE: https://github.com/pyca/cryptography/pull/4342/commits/688e0f673bfbf43fa898994326c6877f00ab19ef CVE-2018-10902 RESERVED -CVE-2018-10901 [kvm: vmx: host GDT.LIMIT corruption] - RESERVED +CVE-2018-10901 (A flaw was found in Linux kernel's KVM virtualization subsystem. The ...) - linux <not-affected> (Fixed before src:linux-2.6 -> src:linux rename) NOTE: https://git.kernel.org/linus/3444d7da1839b851eefedd372978d8a982316c36 (2.6.36-rc1) -CVE-2018-10900 [local privilege escalation] - RESERVED +CVE-2018-10900 (Network Manager VPNC plugin (aka networkmanager-vpnc) before version ...) {DSA-4253-1} - network-manager-vpnc 1.2.6-1 (bug #904255) NOTE: http://www.openwall.com/lists/oss-security/2018/07/20/3 @@ -9376,8 +9376,7 @@ CVE-2018-10882 - linux 4.17.3-1 [stretch] - linux 4.9.110-1 NOTE: https://bugzilla.kernel.org/show_bug.cgi?id=200069 -CVE-2018-10881 - RESERVED +CVE-2018-10881 (A flaw was found in the Linux kernel's ext4 filesystem. A local user ...) {DLA-1423-1} - linux 4.17.3-1 [stretch] - linux 4.9.110-1 
@@ -9387,14 +9386,12 @@ CVE-2018-10880 (Linux kernel is vulnerable to a stack-out-of-bounds write in the - linux 4.17.3-1 [stretch] - linux 4.9.110-1 NOTE: https://bugzilla.kernel.org/show_bug.cgi?id=200005 -CVE-2018-10879 - RESERVED +CVE-2018-10879 (A flaw was found in the Linux kernel's ext4 filesystem. A local user ...) {DLA-1423-1} - linux 4.17.3-1 [stretch] - linux 4.9.110-1 NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1596806 -CVE-2018-10878 - RESERVED +CVE-2018-10878 (A flaw was found in the Linux kernel's ext4 filesystem. A local user ...) {DLA-1423-1} - linux 4.17.3-1 [stretch] - linux 4.9.110-1 @@ -9404,8 +9401,7 @@ CVE-2018-10877 (Linux kernel ext4 filesystem is vulnerable to an out-of-bound ac - linux 4.17.3-1 [stretch] - linux 4.9.110-1 NOTE: https://bugzilla.kernel.org/show_bug.cgi?id=199417 -CVE-2018-10876 - RESERVED +CVE-2018-10876 (A flaw was found in Linux kernel in the ext4 filesystem code. A ...) {DLA-1423-1} - linux 4.17.3-1 [stretch] - linux 4.9.110-1 @@ -9767,6 +9763,7 @@ CVE-2018-10760 (Unrestricted file upload vulnerability in the Files plugin in .. CVE-2018-10759 (PHP remote file inclusion vulnerability in public/patch/patch.php in ...) NOT-FOR-US: Project Pier CVE-2018-11319 (Syntastic (aka vim-syntastic) through 3.9.0 does not properly handle ...) + {DLA-1444-1} - vim-syntastic 3.9.0-1 (bug #894736) NOTE: https://github.com/vim-syntastic/syntastic/issues/2170 NOTE: https://github.com/vim-syntastic/syntastic/commit/6d7c0b394e001233dd09ec473fbea2002c72632f @@ -13935,8 +13932,8 @@ CVE-2018-9070 (For the Lenovo Smart Assistant Android app versions earlier than NOT-FOR-US: Lenovo CVE-2018-9069 RESERVED -CVE-2018-9068 - RESERVED +CVE-2018-9068 (The IMM2 First Failure Data Capture function collects management ...) + TODO: check CVE-2018-9067 (The Lenovo Help Android app versions earlier than 6.1.2.0327 had ...) NOT-FOR-US: Lenovo CVE-2018-9066 
@@ -36129,8 +36126,7 @@ CVE-2018-1290 (In Apache Fineract versions 1.0.0, 0.6.0-incubating, 0.5.0-incuba NOT-FOR-US: Apache Fineract CVE-2018-1289 (In Apache Fineract versions 1.0.0, 0.6.0-incubating, 0.5.0-incubating, ...) NOT-FOR-US: Apache Fineract -CVE-2018-1288 [Authenticated Kafka clients may interfere with data replication] - RESERVED +CVE-2018-1288 (In Apache Kafka 0.9.0.0 to 0.9.0.1, 0.10.0.0 to 0.10.2.1, 0.11.0.0 to ...) - kafka <itp> (bug #786460) CVE-2018-1287 (In Apache JMeter 2.X and 3.X, when using Distributed Test only (RMI ...) - jakarta-jmeter <unfixed> (low) @@ -38885,16 +38881,15 @@ CVE-2018-0624 RESERVED CVE-2018-0623 RESERVED -CVE-2018-0622 - RESERVED -CVE-2018-0621 - RESERVED -CVE-2018-0620 - RESERVED -CVE-2018-0619 - RESERVED -CVE-2018-0618 - RESERVED +CVE-2018-0622 (The DHC Online Shop App for Android version 3.2.0 and earlier does not ...) + TODO: check +CVE-2018-0621 (Untrusted search path vulnerability in LOGICOOL CONNECTION UTILITY ...) + TODO: check +CVE-2018-0620 (Untrusted search path vulnerability in LOGICOOL Game Software versions ...) + TODO: check +CVE-2018-0619 (Untrusted search path vulnerability in the installer of Glarysoft ...) + TODO: check +CVE-2018-0618 (Cross-site scripting vulnerability in Mailman 2.1.26 and earlier ...) {DSA-4246-1 DLA-1442-1} - mailman 1:2.1.27-1 NOTE: https://mail.python.org/pipermail/mailman-announce/2018-June/000236.html 
@@ -38903,16 +38898,16 @@ CVE-2018-0618 NOTE: https://bazaar.launchpad.net/~mailman-coders/mailman/2.1/revision/1754 NOTE: https://bazaar.launchpad.net/~mailman-coders/mailman/2.1/revision/1783 NOTE: https://bazaar.launchpad.net/~mailman-coders/mailman/2.1/revision/1785 -CVE-2018-0617 - RESERVED +CVE-2018-0617 (Directory traversal vulnerability in ChamaNet MemoCGI v2.1800 to ...) + TODO: check CVE-2018-0616 RESERVED CVE-2018-0615 RESERVED -CVE-2018-0614 - RESERVED -CVE-2018-0613 - RESERVED +CVE-2018-0614 (Cross-site scripting vulnerability in NEC Platforms Calsos CSDX and ...) + TODO: check +CVE-2018-0613 (NEC Platforms Calsos CSDX and CSDJ series products (CSDX 1.37210411 ...) + TODO: check CVE-2018-0612 (Cross-site scripting vulnerability in 5000 trillion yen converter ...) NOT-FOR-US: 5000 trillion yen converter CVE-2018-0611 (The ANA App for iOS version 4.0.22 and earlier does not verify X.509 ...) @@ -38924,8 +38919,8 @@ CVE-2018-0609 (Untrusted search path vulnerability in LINE for Windows versions CVE-2018-0608 (Buffer overflow in H2O version 2.2.4 and earlier allows remote ...) - h2o 2.2.5+dfsg1-1 NOTE: https://github.com/h2o/h2o/issues/1775 -CVE-2018-0607 - RESERVED +CVE-2018-0607 (SQL injection vulnerability in the Notifications application in the ...) + TODO: check CVE-2018-0606 (SQL injection vulnerability in the Pixelpost v1.7.3 and earlier allows ...) NOT-FOR-US: Pixelpost CVE-2018-0605 (Cross-site scripting vulnerability in Pixelpost v1.7.3 and earlier ...) 
@@ -53983,8 +53978,7 @@ CVE-2017-12611 (In Apache Struts 2.0.1 through 2.3.33 and 2.5 through 2.5.10, us [wheezy] - libstruts1.2-java <ignored> (Minor issue) NOTE: Only a problem if the application programmer has made a security mistake. NOTE: https://struts.apache.org/docs/s2-053.html -CVE-2017-12610 [Authenticated Kafka clients may impersonate other users] - RESERVED +CVE-2017-12610 (In Apache Kafka 0.10.0.0 to 0.10.2.1 and 0.11.0.0 to 0.11.0.1, ...) - kafka <itp> (bug #786460) CVE-2017-12609 REJECTED @@ -55158,8 +55152,7 @@ CVE-2017-12176 (xorg-x11-server before 1.19.5 was missing extra length validatio {DSA-4000-1 DLA-1186-1} - xorg-server 2:1.19.5-1 NOTE: https://cgit.freedesktop.org/xorg/xserver/commit/?id=b747da5e25be944337a9cd1415506fc06b70aa81 -CVE-2017-12175 - RESERVED +CVE-2017-12175 (Red Hat Satellite before 6.5 is vulnerable to a XSS in discovery rule ...) NOT-FOR-US: Red Hat Satellite CVE-2017-12174 (It was found that when Artemis and HornetQ before 2.4.0 are configured ...) NOT-FOR-US: Artemis and HornetQ @@ -55181,8 +55174,7 @@ CVE-2017-12172 (PostgreSQL 10.x before 10.1, 9.6.x before 9.6.6, 9.5.x before 9. [jessie] - postgresql-9.1 <not-affected> (postgresql-9.1 in jessie only provides PL/Perl) [wheezy] - postgresql-9.1 <not-affected> (Vulnerable code not installed) NOTE: Issue in sample init-scirpt as provided by postgresql project, but not installed -CVE-2017-12171 [httpd: # character matches all IPs] - RESERVED +CVE-2017-12171 (A regression was found in the Red Hat Enterprise Linux 6.9 version of ...) - apache2 <not-affected> (Introduced by Red Hat RHEL 6.9 specific non-security patch) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1493056 CVE-2017-12170 (Downstream version 1.0.46-1 of pure-ftpd as shipped in Fedora was ...) 
@@ -55196,8 +55188,7 @@ CVE-2017-12168 (The access_pmu_evcntr function in arch/arm64/kvm/sys_regs.c in t [jessie] - linux <not-affected> (Vulnerable code not present) [wheezy] - linux <not-affected> (Vulnerable code not present) NOTE: https://git.kernel.org/linus/9e3f7a29694049edd728e2400ab57ad7553e5aa9 (4.9-rc6) -CVE-2017-12167 - RESERVED +CVE-2017-12167 (It was found in EAP 7 before 7.0.9 that properties based files of the ...) NOT-FOR-US: Red Hat JBoss EAP CVE-2017-12166 (OpenVPN versions before 2.3.3 and 2.4.x before 2.4.4 are vulnerable to ...) - openvpn 2.4.4-1 (bug #877089) @@ -55216,16 +55207,14 @@ CVE-2017-12165 [improper whitespace parsing leading to potential HTTP request sm NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1490301 NOTE: Fix likely included in the same commit as the fix for CVE-2017-7559 NOTE: https://github.com/undertow-io/undertow/commit/3436b03eda8b0b62c1855698c4d7c358add836c2 -CVE-2017-12164 [lock screen can be circumvented when autologin is set] - RESERVED +CVE-2017-12164 (A flaw was discovered in gdm 3.24.1 where gdm greeter was no longer ...) - gdm3 3.26.0-1 [stretch] - gdm3 <not-affected> (Vulnerable code not present) [jessie] - gdm3 <not-affected> (Vulnerable code not present) [wheezy] - gdm3 <not-affected> (Vulnerable code not present) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1490417 NOTE: Introduced in https://git.gnome.org/browse/gdm/commit/?id=ff98b28 -CVE-2017-12163 [Server memory information leak over SMB1] - RESERVED +CVE-2017-12163 (An information leak flaw was found in the way SMB1 protocol was ...) {DSA-3983-1 DLA-1110-1} - samba 2:4.6.7+dfsg-2 NOTE: https://www.samba.org/samba/security/CVE-2017-12163.html 
@@ -55266,8 +55255,7 @@ CVE-2017-12151 [SMB3 connections don't keep encryption across DFS redirects] - samba 2:4.6.7+dfsg-2 [wheezy] - samba <not-affected> (Vulnerable code introduced later) NOTE: https://www.samba.org/samba/security/CVE-2017-12151.html -CVE-2017-12150 [SMB1/2/3 connections may not require signing where they should] - RESERVED +CVE-2017-12150 (It was found that samba before 4.4.16, 4.5.x before 4.5.14, and 4.6.x ...) {DSA-3983-1 DLA-1110-1} - samba 2:4.6.7+dfsg-2 NOTE: https://www.samba.org/samba/security/CVE-2017-12150.html @@ -69246,8 +69234,7 @@ CVE-2017-7578 (Multiple heap-based buffer overflows in parser.c in libming 0.4.7 - ming <removed> NOTE: http://www.openwall.com/lists/oss-security/2017/04/07/1 NOTE: https://github.com/libming/libming/issues/68 -CVE-2017-7562 [Make certauth eku module restrictive-only] - RESERVED +CVE-2017-7562 (An authentication bypass flaw was found in the way krb5's certauth ...) - krb5 <not-affected> (Vulnerable code introduced later, cf. #873281) NOTE: https://github.com/krb5/krb5/pull/694 NOTE: https://github.com/krb5/krb5/pull/694/commits/50fe4074f188c2d4da0c421e96553acea8378db2 @@ -69272,8 +69259,7 @@ CVE-2017-7559 (In Undertow 2.x before 2.0.0.Alpha2, 1.4.x before 1.4.17.Final, a NOTE: https://issues.jboss.org/browse/UNDERTOW-1295 NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1481665#c7 NOTE: Fixed by https://github.com/undertow-io/undertow/commit/3436b03eda8b0b62c1855698c4d7c358add836c2 -CVE-2017-7558 [sctp: out-of-bounds read in inet_diag_msg_sctp{,l}addr_fill() and sctp_get_sctp_info()] - RESERVED +CVE-2017-7558 (A kernel data leak due to an out-of-bound read was found in the Linux ...) - linux 4.12.13-1 [stretch] - linux 4.9.30-2+deb9u5 [jessie] - linux <not-affected> (Vulnerable code introduced later 4.7 and not backported) 
@@ -69335,8 +69321,7 @@ CVE-2017-7546 (PostgreSQL versions before 9.2.22, 9.3.18, 9.4.13, 9.5.8 and 9.6. - postgresql-8.4 <removed> [wheezy] - postgresql-8.4 <not-affected> (postgresql-8.4 in wheezy only provides PL/Perl) NOTE: https://www.postgresql.org/about/news/1772/ -CVE-2017-7545 - RESERVED +CVE-2017-7545 (It was discovered that the XmlUtils class in jbpmmigration 6.5 ...) NOT-FOR-US: jbpm-designer / jBPM CVE-2017-7544 (libexif through 0.6.21 is vulnerable to out-of-bounds heap read ...) - libexif 0.6.21-2.1 (bug #876466) @@ -69344,8 +69329,7 @@ CVE-2017-7544 (libexif through 0.6.21 is vulnerable to out-of-bounds heap read . [jessie] - libexif <no-dsa> (Minor issue) [wheezy] - libexif <no-dsa> (Minor issue) NOTE: https://sourceforge.net/p/libexif/bugs/130/ -CVE-2017-7543 [iptables not active after update] - RESERVED +CVE-2017-7543 (A race-condition flaw was discovered in openstack-neutron before ...) - neutron <not-affected> (Specific to Red Hat packaging) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1473792 CVE-2017-7542 (The ip6_find_1stfragopt function in net/ipv6/output_core.c in the Linux ...) 
@@ -69359,17 +69343,14 @@ CVE-2017-7541 (The brcmf_cfg80211_mgmt_tx function in ...) NOTE: Fixed by: https://git.kernel.org/linus/8f44c9a41386729fea410e688959ddaa9d51be7c CVE-2017-7540 (rubygem-safemode, as used in Foreman, versions 1.3.2 and earlier are ...) NOT-FOR-US: Safemode ruby gem -CVE-2017-7539 [qemu-nbd crashes due to undefined I/O coroutine] - RESERVED +CVE-2017-7539 (An assertion-failure flaw was found in Qemu before 2.10.1, in the ...) - qemu <not-affected> (Vulnerable code introduced in v2.9.0-rc0) - qemu-kvm <not-affected> (Vulnerable code introduced in v2.9.0-rc0) NOTE: Fixed by: http://git.qemu.org/?p=qemu.git;a=commitdiff;h=2b0bbc4f8809c972bad134bc1a2570dbb01dea0b NOTE: Introduced by: http://git.qemu.org/?p=qemu.git;a=commitdiff;h=ff82911cd3f69f028f2537825c9720ff78bc3f19 -CVE-2017-7538 - RESERVED +CVE-2017-7538 (A cross-site scripting (XSS) flaw was found in how an organization ...) NOT-FOR-US: Red Hat Satellite -CVE-2017-7537 - RESERVED +CVE-2017-7537 (It was found that a mock CMC authentication plugin with a hardcoded ...) - dogtag-pki 10.3.5+12-5 (bug #869261) NOTE: https://github.com/dogtagpki/pki/commit/876d13c6d20e7e1235b9 NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1470817 @@ -69380,8 +69361,7 @@ CVE-2017-7536 (In Hibernate Validator 5.2.x before 5.2.5 final, 5.3.x, and 5.4.x [wheezy] - libhibernate-validator-java <not-affected> (Vulnerable code introduced in 4.3) NOTE: https://github.com/hibernate/hibernate-validator/commit/0ed45f37c4680998167179e631113a2c9cb5d113 NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1465573 -CVE-2017-7535 - RESERVED +CVE-2017-7535 (foreman before version 1.16.0 is vulnerable to a stored XSS in ...) - foreman <itp> (bug #663101) CVE-2017-7534 (OpenShift Enterprise version 3.x is vulnerable to a stored XSS via the ...) NOT-FOR-US: OpenShift 
@@ -69397,8 +69377,7 @@ CVE-2017-7532 (In Moodle 3.x, course creators are able to change system default CVE-2017-7531 (In Moodle 3.3, the course overview block reveals activities in hidden ...) - moodle <not-affected> (Only affects 3.3) NOTE: https://moodle.org/mod/forum/discuss.php?d=355555 -CVE-2017-7530 - RESERVED +CVE-2017-7530 (In CloudForms Management Engine (cfme) before 5.7.3 and 5.8.x before ...) NOT-FOR-US: Red Hat CloudForms Management Engine CVE-2017-7529 (Nginx versions since 0.5.6 up to and including 1.13.2 are vulnerable ...) {DSA-3908-1 DLA-1024-1} @@ -69410,8 +69389,7 @@ CVE-2017-7528 NOT-FOR-US: Ansible Tower CVE-2017-7527 RESERVED -CVE-2017-7526 [Use of left-to-right sliding window method allows full RSA key recovery] - RESERVED +CVE-2017-7526 (libgcrypt before version 1.7.8 is vulnerable to a cache side-channel ...) {DSA-3960-1 DSA-3901-1 DLA-1080-1 DLA-1015-1} - libgcrypt20 1.7.8-1 - libgcrypt11 <removed> @@ -69511,8 +69489,7 @@ CVE-2017-7511 (poppler since version 0.17.3 has been vulnerable to NULL pointer NOTE: Crash in CLI tool, no security implications CVE-2017-7510 RESERVED -CVE-2017-7509 - RESERVED +CVE-2017-7509 (An input validation error was found in Red Hat Certificate System's ...) NOT-FOR-US: Red Hat Certificate System CVE-2017-7508 (OpenVPN versions before 2.4.3 and before 2.3.17 are vulnerable to ...) {DSA-3900-1} @@ -84587,8 +84564,7 @@ CVE-2017-2666 NOTE: Fixed by https://github.com/undertow-io/undertow/commit/1e72647818c9fb31b693a953b1ae595a6c82eb7f CVE-2017-2665 (The skyring-setup command creates random password for mongodb skyring ...) NOT-FOR-US: Red Hat Storage / skyring -CVE-2017-2664 - RESERVED +CVE-2017-2664 (CloudForms Management Engine (cfme) before 5.7.3 and 5.8.x before ...) NOT-FOR-US: Red Hat CloudForms CVE-2017-2663 RESERVED 
@@ -84669,8 +84645,7 @@ CVE-2017-2639 NOT-FOR-US: Red Hat CloudForms Management Engine CVE-2017-2638 (It was found that the REST API in Infinispan before version 9.0.0 did ...) NOT-FOR-US: infinispan -CVE-2017-2637 - RESERVED +CVE-2017-2637 (A design flaw issue was found in the Red Hat OpenStack Platform ...) NOT-FOR-US: Red Hat OpenStack Platform director CVE-2017-2636 (Race condition in drivers/tty/n_hdlc.c in the Linux kernel through ...) {DSA-3804-1 DLA-849-1} @@ -84872,8 +84847,7 @@ CVE-2017-2590 [Insufficient permission check for ca-del, ca-disable and ca-enabl NOTE: https://pagure.io/freeipa/issue/6713 NOTE: Fixed by (master): https://pagure.io/freeipa/c/b81ac59640f0b76fa9f53cf8be441f085a7089c4?branch=master NOTE: Fixed by (ipa-4.4): https://pagure.io/freeipa/c/1aa314c79648c442473f19344387bfe11ec2141b?branch=ipa-4-4 -CVE-2017-2589 - RESERVED +CVE-2017-2589 (It was discovered that the hawtio servlet 1.4 uses a single HttpClient ...) NOT-FOR-US: hawtio CVE-2017-2588 RESERVED @@ -84900,8 +84874,7 @@ CVE-2017-2583 (The load_segment_descriptor implementation in arch/x86/kvm/emulat - linux 4.9.6-1 [wheezy] - linux <not-affected> (Vulnerable code introduced in 3.6-rc1) NOTE: Fixed by: https://git.kernel.org/linus/33ab91103b3415e12457e3104f0e4517ce12d0f3 -CVE-2017-2582 - RESERVED +CVE-2017-2582 (It was found that while parsing the SAML messages the StaxParserUtil ...) NOT-FOR-US: Keycloak CVE-2017-2581 RESERVED @@ -93592,8 +93565,7 @@ CVE-2016-8649 (lxc-attach in LXC before 1.0.9 and 2.x before 2.0.6 allows an att CVE-2016-8648 RESERVED NOT-FOR-US: Karaf container uses by Red Hat products -CVE-2016-8647 [in some circumstances the mysql_user module may fail to correctly change a password] - RESERVED +CVE-2016-8647 (An input validation vulnerability was found in Ansible's mysql_user ...) - ansible 2.2.0.0-4 (bug #844691) [jessie] - ansible <not-affected> (Vulnerable code not present) NOTE: https://github.com/ansible/ansible-modules-core/pull/5388 
@@ -123864,7 +123836,8 @@ CVE-2015-7944 (The RESTful control interface (aka RAPI or ganeti-rapi) in Ganeti [squeeze] - ganeti <end-of-life> (Depends on KVM/Xen, unsupported in Squeeze LTS) NOTE: http://www.ocert.org/advisories/ocert-2015-012.html NOTE: http://git.ganeti.org/?p=ganeti.git;a=commit;h=201fcb916b8164c78f4ed8e0c9cfc0227a78684c -CVE-2015-9261 [busybox: pointer misuse unziping files] +CVE-2015-9261 (huft_build in archival/libarchive/decompress_gunzip.c in BusyBox before ...) + {DLA-337-1} - busybox 1:1.27.2-1 (bug #803097) [stretch] - busybox <no-dsa> (Minor issue) NOTE: http://www.openwall.com/lists/oss-security/2015/10/25/3 |
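Review bot: CVE-2017-18344 in the first hunk (@@ -1,3 +1,5 @@) lands with only `TODO: check`, although its description already names kernel/time/posix-timers.c as the affected code. That points at src:linux, so the entry should be triaged into a `- linux ...` package line with a fixed version or status per release, as the other kernel entries in this file (for example CVE-2018-10881) have, rather than staying an open TODO.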
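Review bot: the hunks at @@ -38885, @@ -38903 and @@ -38924 turn eight RESERVED entries (CVE-2018-0622, -0621, -0620, -0619, -0617, -0614, -0613 and -0607) into `TODO: check` with no package or NOT-FOR-US decision. Neighbouring entries such as CVE-2018-0612 and CVE-2018-0606 are already resolved as NOT-FOR-US, and each new entry needs the same manual pass: either `NOT-FOR-US: <product>` or a source package line. For CVE-2018-0607 the truncated description ("in the Notifications application in the ...") stops before the product name, so it cannot be classified from this file alone and needs the full CVE text.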
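Review bot: CVE-2018-9068 in the @@ -13935,8 +13932,8 @@ hunk is left as `TODO: check` while the entries on either side of it (CVE-2018-9070 and CVE-2018-9067) are already marked `NOT-FOR-US: Lenovo`. If the IMM2 function named in the description belongs to the same vendor, resolve it the same way in a follow-up commit so the open TODO does not linger in the list.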