CVE-2016-10375

Name: CVE-2016-10375
Description: Yodl before 3.07.01 has a Buffer Over-read in the queue_push function in queue/queuepush.c.
Source: CVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SuSE, Mageia, GitHub code/issues, web search, more)
References: DLA-976-1
NVD severity: high (attack range: remote)

Vulnerable and fixed packages

The table below lists information on source packages.

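| Source Package | Release | Version | Status |
|---|---|---|---|
| yodl (PTS) | wheezy | 3.00.0-6 | vulnerable |
| yodl | wheezy (security) | 3.00.0-6+deb7u1 | fixed |
| yodl | jessie | 3.04.00-1 | vulnerable |
| yodl | stretch | 3.08.01-1 | fixed |
| yodl | buster, sid | 4.01.00-2 | fixed |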

The information below is based on the following data on fixed versions.

| Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
|---|---|---|---|---|---|---|
| yodl | source | (unstable) | 3.07.01-1 | high | | |
| yodl | source | wheezy | 3.00.0-6+deb7u1 | high | DLA-976-1 | |

Notes

[jessie] - yodl <no-dsa> (Minor issue)
https://github.com/fbb-git/yodl/issues/1
https://github.com/fbb-git/yodl/commit/fd85f8c94182558ff1480d06a236d6fb927979a3
