CVE-2016-10375

Name: CVE-2016-10375
Description: Yodl before 3.07.01 has a Buffer Over-read in the queue_push function in queue/queuepush.c.
Source: CVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub code/issues, web search, more)
References: DLA-976-1
NVD severity: high

Vulnerable and fixed packages

The table below lists information on source packages.

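| Source Package | Release | Version | Status |
|---|---|---|---|
| yodl (PTS) | jessie | 3.04.00-1 | vulnerable |
| yodl (PTS) | stretch | 3.08.01-1 | fixed |
| yodl (PTS) | buster | 4.02.00-3 | fixed |
| yodl (PTS) | bullseye, sid | 4.02.02-2 | fixed |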

The information below is based on the following data on fixed versions.

| Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
|---|---|---|---|---|---|---|
| yodl | source | (unstable) | 3.07.01-1 | | | |
| yodl | source | wheezy | 3.00.0-6+deb7u1 | | DLA-976-1 | |

Notes

[jessie] - yodl <no-dsa> (Minor issue)
https://github.com/fbb-git/yodl/issues/1
https://github.com/fbb-git/yodl/commit/fd85f8c94182558ff1480d06a236d6fb927979a3
