Author: carnil
Date: 2016-11-02 19:37:39 +0000 (Wed, 02 Nov 2016)
New Revision: 45895
Modified:
data/CVE/list
Log:
Mark bsdiff as no-dsa for jessie, can be fixed via point release
Note: Main use of bsdiff seem to be via reverse dependencies like
debdelta. For the other cases it might be sufficient to have the fix
included in the point release.
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2016-11-02 19:37:28 UTC (rev 45894)
+++ data/CVE/list 2016-11-02 19:37:39 UTC (rev 45895)
@@ -11816,6 +11816,7 @@
RESERVED
CVE-2014-9862 (Integer signedness error in bspatch.c in bspatch in bsdiff, as
used in ...)
- bsdiff 4.3-17
+ [jessie] - bsdiff <no-dsa> (Minor issue; can be fixed via point release)
NOTE: https://bugs.chromium.org/p/chromium/issues/detail?id=372525
CVE-2016-5361 (programs/pluto/ikev1.c in libreswan before 3.17 retransmits in
...)
- libreswan <itp> (bug #773459)
_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
