CVE-2016-10375

NameCVE-2016-10375
DescriptionYodl before 3.07.01 has a Buffer Over-read in the queue_push function in queue/queuepush.c.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
ReferencesDLA-2194-1, DLA-976-1

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
yodl (PTS)buster4.02.00-3fixed
bullseye4.03.02-2fixed
bookworm, sid, trixie4.03.03-1fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
yodlsourcewheezy3.00.0-6+deb7u1DLA-976-1
yodlsourcejessie3.04.00-1+deb8u1DLA-2194-1
yodlsource(unstable)3.07.01-1

Notes

https://github.com/fbb-git/yodl/issues/1
https://github.com/fbb-git/yodl/commit/fd85f8c94182558ff1480d06a236d6fb927979a3

Search for package or bug name: Reporting problems