Hugo Lefeuvre pushed to branch master at Debian Security Tracker / security-tracker
Commits: 74653fcd by Hugo Lefeuvre at 2020-01-11T09:35:18+01:00 dla-needed: update notes on my claimed packages - - - - - 1 changed file: - data/dla-needed.txt Changes: ===================================== data/dla-needed.txt ===================================== @@ -18,7 +18,11 @@ ansible apache-log4j1.2 (Markus Koschany) -- clamav (Hugo Lefeuvre) - NOTE: 20191227: waiting for 0.102.1 to enter stretch/buster. + NOTE: 20200111: waiting for 0.102.1 to enter stretch/buster. + NOTE: 0.102.* introduces a fair amount of ABI changes, and the migration + NOTE: does not seem very smooth from the perspective of users. The release + NOTE: team would like to wait for an init script for the new clamonacc + NOTE: binary, see https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=946557 -- gpac NOTE: 20200105: All open issues are unfixed. Adding it here for future @@ -43,6 +47,8 @@ libexif (Hugo Lefeuvre) NOTE: 20191201: Pinged the upstream yet again. (utkarsh2102) NOTE: 20191216: The android patch does not apply but is easy to manually apply. (ola) NOTE: 20191216: The problem is the file to trigger the fault is not known. (ola) + NOTE: 20200111: Investigated the issue, currently in contact with Ray Essick @google + NOTE: 20200111: to get access to the reproducer. (hle) -- libjackson-json-java (Adrian Bunk) NOTE: 20191230: work is ongoing @@ -78,7 +84,7 @@ opendmarc (Thorsten Alteholz) NOTE: 20200105: still testing package, original patch does not seem to be enough, still ongoing -- python-reportlab (Hugo Lefeuvre) - NOTE: 20191227: still no upstream fix + NOTE: 20200111: still no upstream fix -- radare2 NOTE: 20190816: Affected by CVE-2019-14745. Vulnerable code is in @@ -128,7 +134,9 @@ x2goclient NOTE: 20191221: https://code.x2go.org/gitweb?p=x2goclient.git;a=commitdiff;h=ce559d1 -- xcftools (Hugo Lefeuvre) - NOTE: wrote a patch + reproducer for CVE-2019-5086, waiting for review. + NOTE: 20200111: wrote a patch + reproducer for CVE-2019-5086, waiting for review. + NOTE: but I might just not receive any review any time soon, so I will now attempt to + NOTE: fix the second issue and move on with the update. -- xen -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/74653fcd9093a37d7a28b1ccef8adfd03551fd44 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/74653fcd9093a37d7a28b1ccef8adfd03551fd44 You're receiving this email because of your account on salsa.debian.org.
_______________________________________________ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits