@@
libtasn1-3 (Thorsten Alteholz)
NOTE: 20170702, no upstream fix yet
--
-libtorrent-rasterbar (Thorsten Alteholz)
- NOTE: 20170702 sent email to maintainer
---
libxml-libxml-perl
NOTE: 20170702, no upstream fix yet, so no need to bother maintainer yet,
sent email later
Author: alteholz
Date: 2017-07-25 12:26:50 + (Tue, 25 Jul 2017)
New Revision: 53897
Modified:
data/packages/lts-do-not-call
Log:
add new entry
Modified: data/packages/lts-do-not-call
===
--- data/packages/lts-do-not-call
53902)
+++ data/dla-needed.txt 2017-07-25 17:53:12 UTC (rev 53903)
@@ -167,7 +167,7 @@
NOTE: reds_on_main_agent_monitors_config does not exist. Unclear how issue
NOTE: can be triggered/verified in this version
--
-swftools
+swftools (Thorsten Alteholz)
--
tcpdump
NOTE: patch sent upstream
/cgi-bin/bugreport.cgi?bug=858373
NOTE: package available for testing, see 87r2x9rjjt@curie.anarc.at
--
-bind9 (Thorsten Alteholz)
- NOTE: probably regression introduced in latest upload
---
ca-certificates
NOTE: 2017-07-19: maintainer will handle the upload, see
https
53903)
+++ data/dla-needed.txt 2017-07-25 17:59:35 UTC (rev 53904)
@@ -156,7 +156,7 @@
rbenv
NOTE: .ruby-version is .rbenv-version in wheezy
--
-resiprocate
+resiprocate (Thorsten Alteholz)
--
rkhunter (Thorsten Alteholz)
NOTE: 20170702 sent email to maintainer
(rev 53917)
@@ -158,9 +158,6 @@
--
resiprocate (Thorsten Alteholz)
--
-rkhunter (Thorsten Alteholz)
- NOTE: 20170702 sent email to maintainer
---
spice
NOTE: CVE-2017-7506 already fixed in jessie. Can take patch there.
NOTE: (Markus Koschany) Patch from Jessie does not apply. Function
Author: alteholz
Date: 2017-07-25 17:52:19 + (Tue, 25 Jul 2017)
New Revision: 53902
Modified:
data/dla-needed.txt
Log:
no security issue in pspp
Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2017-07-25 17:33:33
Author: alteholz
Date: 2017-07-23 18:00:24 + (Sun, 23 Jul 2017)
New Revision: 53844
Modified:
data/dla-needed.txt
Log:
status update
Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2017-07-23 17:58:14 UTC (rev
Author: alteholz
Date: 2017-07-23 17:53:41 + (Sun, 23 Jul 2017)
New Revision: 53841
Modified:
data/CVE/list
Log:
add note for fix of CVE-2017-10790
Modified: data/CVE/list
===
--- data/CVE/list 2017-07-23 14:43:51 UTC
)
+++ data/dla-needed.txt 2017-07-23 17:56:06 UTC (rev 53842)
@@ -62,12 +62,13 @@
jasper (Thorsten Alteholz)
NOTE: 20170629, no patch available for the remaining CVEs yet, pinged
upstream
NOTE: 20170708: re-pinged upstream (lamby)
+ NOTE: 20170723, no patches available yet
--
jbig2dec
Author: alteholz
Date: 2017-07-23 17:58:14 + (Sun, 23 Jul 2017)
New Revision: 53843
Modified:
data/dla-needed.txt
Log:
maintainer seems to have no time for this wireshark update
Modified: data/dla-needed.txt
===
---
: regression update, see:
NOTE: https://lists.debian.org/debian-lts/2017/05/msg00012.html
--
-libtasn1-3 (Thorsten Alteholz)
---
libxml-libxml-perl
NOTE: 20170702, no upstream fix yet, so no need to bother maintainer yet,
sent email later
(rev 53949)
+++ data/dla-needed.txt 2017-07-26 13:41:09 UTC (rev 53950)
@@ -165,7 +165,8 @@
NOTE: reds_on_main_agent_monitors_config does not exist. Unclear how issue
NOTE: can be triggered/verified in this version
--
-swftools (Thorsten Alteholz)
+swftools
+ NOTE: corresponding bugs have been
)
+++ data/dla-needed.txt 2017-07-26 13:54:36 UTC (rev 53951)
@@ -123,8 +123,7 @@
NOTE: has 8 different bugs fixed. Only 2 reverse dependancies:
NOTE: mysql-utilities and mysql-workbench.
--
-nasm
- NOTE: 20170702 sent email to maintainer
+nasm (Thorsten Alteholz)
--
ncurses (Emilio Pozuelo
@@
rbenv
NOTE: .ruby-version is .rbenv-version in wheezy
--
-resiprocate (Thorsten Alteholz)
---
spice
NOTE: CVE-2017-7506 already fixed in jessie. Can take patch there.
NOTE: (Markus Koschany) Patch from Jessie does not apply. Function
___
Secure
)
+++ data/dla-needed.txt 2017-07-19 10:10:41 UTC (rev 53659)
@@ -14,6 +14,9 @@
NOTE: There was a regression introduced in DLA-841-1 (2.2.22-13+deb7u8)
NOTE: See https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=858373
--
+bind9 (Thorsten Alteholz)
+ NOTE: probably regression introduced
Author: alteholz
Date: 2017-06-30 09:16:42 + (Fri, 30 Jun 2017)
New Revision: 53032
Modified:
data/packages/lts-do-not-call
Log:
no need to inform maintainer about update
Modified: data/packages/lts-do-not-call
===
---
)
+++ data/dla-needed.txt 2017-06-30 10:27:56 UTC (rev 53035)
@@ -13,6 +13,8 @@
apache2 (Roberto C. Sánchez)
NOTE: 20170625, packages ready for upload, request for testing sent to list
--
+bind9 (Thorsten Alteholz)
+--
boa
NOTE: only available in Wheezy and orphaned
NOTE: Should probably
@@
NOTE: regression update, see:
NOTE: https://lists.debian.org/debian-lts/2017/05/msg00012.html
--
-libxml2 (Thorsten Alteholz)
- NOTE: 20170629, except one, patches seem to be available now
---
libytnef (Thorsten Alteholz)
NOTE: 20170629, patches missing
UTC (rev 53053)
+++ data/dla-needed.txt 2017-06-30 20:48:04 UTC (rev 53054)
@@ -67,6 +67,8 @@
NOTE: regression update, see:
NOTE: https://lists.debian.org/debian-lts/2017/05/msg00012.html
--
+libxml2 (Thorsten Alteholz)
+--
libytnef (Thorsten Alteholz)
NOTE: 20170629, patches missing
Author: alteholz
Date: 2017-07-02 14:55:37 + (Sun, 02 Jul 2017)
New Revision: 53110
Modified:
data/dla-needed.txt
Log:
add poppler
Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2017-07-02 14:55:09 UTC (rev 53109)
Author: alteholz
Date: 2017-07-02 14:57:58 + (Sun, 02 Jul 2017)
New Revision: 53111
Modified:
data/dla-needed.txt
Log:
add nasm
Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2017-07-02 14:55:37 UTC (rev 53110)
+++
Author: alteholz
Date: 2017-07-02 16:54:13 + (Sun, 02 Jul 2017)
New Revision: 53112
Modified:
data/CVE/list
Log:
these CVEs do not affect Wheezy
Modified: data/CVE/list
===
--- data/CVE/list 2017-07-02 14:57:58 UTC (rev
Author: alteholz
Date: 2017-07-02 17:26:37 + (Sun, 02 Jul 2017)
New Revision: 53118
Modified:
data/packages/lts-do-not-call
Log:
add libcrypt11
Modified: data/packages/lts-do-not-call
===
--- data/packages/lts-do-not-call
Author: alteholz
Date: 2017-07-02 17:27:09 + (Sun, 02 Jul 2017)
New Revision: 53119
Modified:
data/dla-needed.txt
Log:
add libgcrypt11
Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2017-07-02 17:26:37 UTC (rev
Author: alteholz
Date: 2017-07-02 17:27:34 + (Sun, 02 Jul 2017)
New Revision: 53120
Modified:
data/dla-needed.txt
Log:
add firefox-esr
Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2017-07-02 17:27:09 UTC (rev
Author: alteholz
Date: 2017-07-02 14:15:48 + (Sun, 02 Jul 2017)
New Revision: 53101
Modified:
data/dla-needed.txt
Log:
add icedove
Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2017-07-02 14:13:01 UTC (rev 53100)
Author: alteholz
Date: 2017-07-02 14:54:46 + (Sun, 02 Jul 2017)
New Revision: 53108
Modified:
data/packages/lts-do-not-call
Log:
add poppler
Modified: data/packages/lts-do-not-call
===
--- data/packages/lts-do-not-call
Author: alteholz
Date: 2017-07-02 17:49:46 + (Sun, 02 Jul 2017)
New Revision: 53123
Modified:
data/dla-needed.txt
Log:
add teamspeak-client
Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2017-07-02 17:46:08 UTC
/indirector/catalog/compiler.rb (line
25),
NOTE: 2017-06-01: however I don't know whether pson is the only supported
format
@@ -117,6 +120,7 @@
NOTE: Patches for minor issues at
https://anonscm.debian.org/cgit/users/agx/qemu-kvm.git/log/
--
rkhunter (Thorsten Alteholz)
+ NOTE: 20170702 sent
Author: alteholz
Date: 2017-07-02 17:19:27 + (Sun, 02 Jul 2017)
New Revision: 53116
Modified:
data/dla-needed.txt
Log:
add libdbd-mysql-perl
Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2017-07-02 17:17:59 UTC
(rev 53114)
+++ data/dla-needed.txt 2017-07-02 17:17:59 UTC (rev 53115)
@@ -73,6 +73,9 @@
NOTE: regression update, see:
NOTE: https://lists.debian.org/debian-lts/2017/05/msg00012.html
--
+libtorrent-rasterbar (Thorsten Alteholz)
+ NOTE: 20170702 sent email to maintainer
+--
libxml2
Author: alteholz
Date: 2017-07-02 17:45:39 + (Sun, 02 Jul 2017)
New Revision: 53121
Modified:
data/dla-needed.txt
Log:
add faad2
Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2017-07-02 17:27:34 UTC (rev 53120)
Author: alteholz
Date: 2017-07-02 17:46:08 + (Sun, 02 Jul 2017)
New Revision: 53122
Modified:
data/dla-needed.txt
Log:
add exiv2
Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2017-07-02 17:45:39 UTC (rev 53121)
Author: alteholz
Date: 2017-07-02 14:13:01 + (Sun, 02 Jul 2017)
New Revision: 53100
Modified:
data/CVE/list
Log:
mark vlc as eol for wheezy
Modified: data/CVE/list
===
--- data/CVE/list 2017-07-02 14:11:18 UTC (rev
)
+++ data/dla-needed.txt 2017-07-02 14:47:08 UTC (rev 53106)
@@ -116,6 +116,8 @@
NOTE: Investigating CVE-2017-2633
NOTE: Patches for minor issues at
https://anonscm.debian.org/cgit/users/agx/qemu-kvm.git/log/
--
+rkhunter (Thorsten Alteholz)
+--
sudo (Antoine Beaupré)
NOTE: this is about
(rev 53113)
+++ data/dla-needed.txt 2017-07-02 17:14:46 UTC (rev 53114)
@@ -75,6 +75,9 @@
--
libxml2 (Thorsten Alteholz)
--
+libxml-libxml-perl
+ NOTE: 20170702, no upstream fix yet, so no need to bother maintainer yet,
sent email later
+--
libytnef (Thorsten Alteholz)
NOTE: 20170629
Author: alteholz
Date: 2017-07-02 14:35:13 + (Sun, 02 Jul 2017)
New Revision: 53104
Modified:
data/dla-needed.txt
Log:
add openvpn
Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2017-07-02 14:26:00 UTC (rev 53103)
Author: alteholz
Date: 2017-07-02 14:26:00 + (Sun, 02 Jul 2017)
New Revision: 53103
Modified:
data/dla-needed.txt
Log:
add mpg123
Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2017-07-02 14:21:39 UTC (rev 53102)
Author: alteholz
Date: 2017-07-02 16:54:45 + (Sun, 02 Jul 2017)
New Revision: 53113
Modified:
data/dla-needed.txt
Log:
openvpn removed again, everything is done
Modified: data/dla-needed.txt
===
--- data/dla-needed.txt
Author: alteholz
Date: 2017-07-02 14:11:18 + (Sun, 02 Jul 2017)
New Revision: 53099
Modified:
data/CVE/list
Log:
mark glance as eol for wheezy
Modified: data/CVE/list
===
--- data/CVE/list 2017-07-02 14:07:40 UTC (rev
Author: alteholz
Date: 2017-07-02 14:21:39 + (Sun, 02 Jul 2017)
New Revision: 53102
Modified:
data/dla-needed.txt
Log:
add libmtp
Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2017-07-02 14:15:48 UTC (rev 53101)
53123)
+++ data/dla-needed.txt 2017-07-02 17:51:25 UTC (rev 53124)
@@ -87,6 +87,9 @@
NOTE: regression update, see:
NOTE: https://lists.debian.org/debian-lts/2017/05/msg00012.html
--
+libtasn1-3 (Thorsten Alteholz)
+ NOTE: 20170702, no upstream fix yet
+--
libtorrent-rasterbar (Thorsten Alteholz
Author: alteholz
Date: 2017-06-29 11:34:02 + (Thu, 29 Jun 2017)
New Revision: 53006
Modified:
data/CVE/list
Log:
mark matrixssl as eol in Wheezy
Modified: data/CVE/list
===
--- data/CVE/list 2017-06-29 11:30:48 UTC (rev
Author: alteholz
Date: 2017-06-29 11:42:55 + (Thu, 29 Jun 2017)
New Revision: 53008
Modified:
data/CVE/list
Log:
mark binutil CVEs as no-dsa
Modified: data/CVE/list
===
--- data/CVE/list 2017-06-29 11:38:26 UTC (rev
:14 UTC (rev 53010)
+++ data/dla-needed.txt 2017-06-29 12:10:47 UTC (rev 53011)
@@ -39,10 +39,10 @@
NOTE: the maintainer.
--
jasper (Thorsten Alteholz)
- NOTE: 20170618, no patch available for the remaining CVEs yet, pinged
upstream
+ NOTE: 20170629, no patch available for the remaining CVEs
Author: alteholz
Date: 2017-06-29 11:38:26 + (Thu, 29 Jun 2017)
New Revision: 53007
Modified:
data/dla-needed.txt
Log:
add tiff
Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2017-06-29 11:34:02 UTC (rev 53006)
+++
Author: alteholz
Date: 2017-06-29 11:57:14 + (Thu, 29 Jun 2017)
New Revision: 53010
Modified:
data/CVE/list
Log:
mark radare2 CVE as no-dsa
Modified: data/CVE/list
===
--- data/CVE/list 2017-06-29 11:46:05 UTC (rev
Author: alteholz
Date: 2017-06-29 12:16:17 + (Thu, 29 Jun 2017)
New Revision: 53012
Modified:
data/dla-needed.txt
Log:
add ming
Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2017-06-29 12:10:47 UTC (rev 53011)
+++
Author: alteholz
Date: 2017-06-29 11:46:05 + (Thu, 29 Jun 2017)
New Revision: 53009
Modified:
data/CVE/list
Log:
mark dwarfutils CVE as no-dsa
Modified: data/CVE/list
===
--- data/CVE/list 2017-06-29 11:42:55 UTC (rev
Author: alteholz
Date: 2017-04-26 20:09:02 + (Wed, 26 Apr 2017)
New Revision: 51084
Modified:
data/DLA/list
Log:
reserve DLA for jasper
Modified: data/DLA/list
===
--- data/DLA/list 2017-04-26 20:05:13 UTC (rev 51083)
NOTE: See https://lists.debian.org/debian-lts/2017/03/msg8.html
--
-minicom (Thorsten Alteholz)
- NOTE: Maintainer contacted at 2017-04-23.
---
mp3splt
NOTE: 2017-02-28: No patch available. Reproducer doesn't work with Debian
NOTE: packages (tested on Stretch, Jessie and Wheezy). It's
(Thorsten Alteholz)
--
-botan1.10 (Thorsten Alteholz)
- NOTE: Maintainer contacted at 2017-04-23.
---
ca-certificates
NOTE: maintainer will handle the upload, see
https://lists.debian.org/1acb8e97-8c9f-8b54-348c-0c12f53a8...@pbandjelly.org
)
+++ data/dla-needed.txt 2017-04-28 17:53:47 UTC (rev 51156)
@@ -41,6 +41,8 @@
--
jasper (Thorsten Alteholz)
--
+jbig2dec
+--
kedpm (Antoine Beaupré)
NOTE: no further triage done from ta, please decide on your own
--
___
Secure-testing-commits
Author: alteholz
Date: 2017-04-28 18:01:02 + (Fri, 28 Apr 2017)
New Revision: 51159
Modified:
data/dla-needed.txt
Log:
add mysql-connector-python
Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2017-04-28 17:59:20
Author: alteholz
Date: 2017-04-28 17:39:08 + (Fri, 28 Apr 2017)
New Revision: 51155
Modified:
data/dla-needed.txt
Log:
add nss
Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2017-04-28 17:38:23 UTC (rev 51154)
+++
(rev 51157)
+++ data/dla-needed.txt 2017-04-28 17:59:20 UTC (rev 51158)
@@ -42,6 +42,7 @@
jasper (Thorsten Alteholz)
--
jbig2dec
+ NOTE: maintainer contacted 20170428
--
kedpm (Antoine Beaupré)
NOTE: no further triage done from ta, please decide on your own
@@ -76,6 +77,9 @@
NOTE
Author: alteholz
Date: 2017-04-27 17:57:12 + (Thu, 27 Apr 2017)
New Revision: 51112
Modified:
data/dla-needed.txt
Log:
add freetype again to dla-needed.txt
Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2017-04-27
)
+++ data/dla-needed.txt 2017-04-27 18:07:38 UTC (rev 51115)
@@ -41,6 +41,9 @@
--
jasper (Thorsten Alteholz)
--
+kedpm (Antoine Beaupré)
+ NOTE: no further triage done from ta, please decide on your own
+--
libav
NOTE: Diego Biurrun (from the libav team) is working on patches.
NOTE: Some
Author: alteholz
Date: 2017-04-27 18:05:13 + (Thu, 27 Apr 2017)
New Revision: 51114
Modified:
data/dla-needed.txt
Log:
add ghostscript
Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2017-04-27 18:04:51 UTC (rev
Author: alteholz
Date: 2017-04-27 18:04:51 + (Thu, 27 Apr 2017)
New Revision: 51113
Modified:
data/packages/lts-do-not-call
Log:
add ghostscript
Modified: data/packages/lts-do-not-call
===
--- data/packages/lts-do-not-call
Author: alteholz
Date: 2017-04-29 11:58:40 + (Sat, 29 Apr 2017)
New Revision: 51171
Modified:
data/dla-needed.txt
Log:
add linux again
Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2017-04-29 09:10:12 UTC (rev
Author: alteholz
Date: 2017-04-29 12:01:10 + (Sat, 29 Apr 2017)
New Revision: 51173
Modified:
data/packages/lts-do-not-call
Log:
add packages from Jonas
Modified: data/packages/lts-do-not-call
===
---
-needed.txt 2017-04-24 19:46:16 UTC (rev 51007)
+++ data/dla-needed.txt 2017-04-24 19:56:06 UTC (rev 51008)
@@ -18,7 +18,7 @@
--
bind9 (Thorsten Alteholz)
--
-botan1.10
+botan1.10 (Thorsten Alteholz)
NOTE: Maintainer contacted at 2017-04-23.
--
ca-certificates
Author: alteholz
Date: 2017-04-29 14:13:29 + (Sat, 29 Apr 2017)
New Revision: 51175
Modified:
data/dla-needed.txt
Log:
add gnome-shell
Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2017-04-29 12:04:44 UTC (rev
51176)
+++ data/dla-needed.txt 2017-04-29 14:16:47 UTC (rev 51177)
@@ -45,7 +45,6 @@
jasper (Thorsten Alteholz)
--
jbig2dec
- NOTE: maintainer contacted 20170428
--
kedpm (Antoine Beaupré)
NOTE: no further triage done from ta, please decide on your own
Author: alteholz
Date: 2017-04-29 14:16:04 + (Sat, 29 Apr 2017)
New Revision: 51176
Modified:
data/dla-needed.txt
Log:
add mysql-workbench
Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2017-04-29 14:13:29 UTC (rev
UTC (rev 54029)
+++ data/dla-needed.txt 2017-07-28 20:10:47 UTC (rev 54030)
@@ -81,8 +81,6 @@
--
libgd2
--
-libquicktime (Thorsten Alteholz)
---
libraw (Emilio Pozuelo)
NOTE: Maintainer contacted 2017-06-05.
--
___
Secure-testing-commits mailing
54029)
@@ -121,8 +121,6 @@
NOTE: has 8 different bugs fixed. Only 2 reverse dependancies:
NOTE: mysql-utilities and mysql-workbench.
--
-nasm (Thorsten Alteholz)
---
openexr
NOTE: 20170707: Pinged upstream (lamby)
--
___
Secure-testing
54889)
+++ data/dla-needed.txt 2017-08-19 15:25:34 UTC (rev 54890)
@@ -138,7 +138,7 @@
NOTE: mysql-utilities and mysql-workbench.
NOTE: 20170810: Wait for more issues (see ML:
https://lists.debian.org/debian-lts/2017/08/msg00039.html)
--
-newsbeuter
+newsbeuter (Thorsten Alteholz)
--
openexr
54888)
+++ data/dla-needed.txt 2017-08-19 14:22:34 UTC (rev 54889)
@@ -110,8 +110,7 @@
libxml-libxml-perl
NOTE: 20170702: no upstream fix yet, so no need to bother maintainer yet,
sent email later
--
-libxml2
- NOTE: 20170813: no fix yet
+libxml2 (Thorsten Alteholz)
--
libytnef
NOTE
(rev 54911)
+++ data/dla-needed.txt 2017-08-20 16:45:38 UTC (rev 54912)
@@ -60,7 +60,7 @@
--
gnupg
--
-graphicsmagick
+graphicsmagick (Thorsten Alteholz)
--
imagemagick (Roberto C. Sánchez)
NOTE: 20170814, work continues patches up to CVE-2017-12587 backported
@@ -98,6 +98,7 @@
NOTE
Lefeuvre)
NOTE: https://lists.debian.org/debian-lts/2017/08/msg2.html
--
-curl (Thorsten Alteholz)
- NOTE: 20170809: Not entirely sure vulnerable, adding just in case. (lamby)
---
db
NOTE: 20170813: Not sure vulnerable as some of the DB_CONFIG code is missing
in env_open.c, but the reporter
54915)
+++ data/dla-needed.txt 2017-08-20 16:56:22 UTC (rev 54916)
@@ -44,7 +44,7 @@
faad2
NOTE: 20170702, no upstream fix yet, so no need to bother maintainer yet,
sent email later
--
-fontforge
+fontforge (Thorsten Alteholz)
--
freeradius
NOTE: CVE-2017-10983 is in fr_dhcp_decode since
(rev 51642)
+++ data/dla-needed.txt 2017-05-15 12:39:22 UTC (rev 51643)
@@ -40,7 +40,7 @@
NOTE: sooner than later.
--
jasper (Thorsten Alteholz)
- NOTE: 20170510, no patch available for the remaining CVEs yet
+ NOTE: 20170515, no patch available for the remaining CVEs yet
--
jbig2dec
51507)
+++ data/dla-needed.txt 2017-05-10 17:50:53 UTC (rev 51508)
@@ -46,7 +46,8 @@
jasper (Thorsten Alteholz)
NOTE: 20170510, no patch available for the remaining CVEs yet
--
-jbig2dec
+jbig2dec (Thorsten Alteholz)
+ NOTE: 20170510, one CVE is missing a patch
--
libav
NOTE: Diego Biurrun
: Investigating CVE-2017-2633 and CVE-2016-9602 (and related CVEs)
NOTE: version fixing cirrus related issues up for testing
--
-radicale (Thorsten Alteholz)
---
rpcbind (Markus Koschany)
--
sane-backends (Jörg Frings-Fürst)
___
Secure-testing-commits
UTC (rev 51506)
+++ data/dla-needed.txt 2017-05-10 17:47:56 UTC (rev 51507)
@@ -44,7 +44,7 @@
NOTE: sooner than later.
--
jasper (Thorsten Alteholz)
- NOTE: 20170430, not patch for the remaining CVEs yet
+ NOTE: 20170510, no patch available for the remaining CVEs yet
--
jbig2dec
(rev 51654)
+++ data/dla-needed.txt 2017-05-15 18:18:09 UTC (rev 51655)
@@ -59,8 +59,7 @@
libpodofo
NOTE: maintainer asked for a review
--
-libxml2
- NOTE: 2017-05-13: No upstream patch yet.
+libxml2 (Thorsten Alteholz)
--
linux
--
___
Secure
(rev 51664)
@@ -44,9 +44,6 @@
jasper (Thorsten Alteholz)
NOTE: 20170515, no patch available for the remaining CVEs yet
--
-jbig2dec (Thorsten Alteholz)
- NOTE: 20170510, one CVE is missing a patch
---
libarchive (Markus Koschany)
--
libav
(Thorsten Alteholz)
--
eglibc
NOTE: Patch available, however not yet applied upstream.
___
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing
Author: alteholz
Date: 2017-06-21 13:25:01 + (Wed, 21 Jun 2017)
New Revision: 52782
Modified:
data/CVE/list
Log:
fix typo
Modified: data/CVE/list
===
--- data/CVE/list 2017-06-21 12:49:48 UTC (rev 52781)
+++
Author: alteholz
Date: 2017-06-21 12:18:08 + (Wed, 21 Jun 2017)
New Revision: 52778
Modified:
data/CVE/list
Log:
mark CVE-2017-5977 as in Wheezy as well
Modified: data/CVE/list
===
--- data/CVE/list 2017-06-21 12:04:40
52758)
+++ data/dla-needed.txt 2017-06-20 20:24:04 UTC (rev 52759)
@@ -120,10 +120,6 @@
NOTE: this is about https://www.sudo.ws/repos/sudo/raw-rev/15a46f4007dd
NOTE: which might well be fixed once more issues piled up
--
-swftools (Thorsten Alteholz)
- NOTE: 20170618, patches seem
assigned.
--
-zziplib (Thorsten Alteholz)
---
___
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
C. Sánchez)
--
-c-ares (Thorsten Alteholz)
---
ca-certificates
NOTE: 2017-03-27: maintainer will handle the upload, see
https://lists.debian.org/1acb8e97-8c9f-8b54-348c-0c12f53a8...@pbandjelly.org
NOTE: 2017-05-12: Pinged the maintainer -- Raphael Hertzog
Author: alteholz
Date: 2017-06-26 18:07:43 + (Mon, 26 Jun 2017)
New Revision: 52928
Modified:
data/CVE/list
Log:
mark lrzip issues as no-dsa like in jessie and stretch
Modified: data/CVE/list
===
--- data/CVE/list
Author: alteholz
Date: 2017-06-26 18:10:33 + (Mon, 26 Jun 2017)
New Revision: 52929
Modified:
data/dla-needed.txt
Log:
add boa
Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2017-06-26 18:07:43 UTC (rev 52928)
+++
Author: alteholz
Date: 2017-05-20 14:50:39 + (Sat, 20 May 2017)
New Revision: 51782
Modified:
data/dla-needed.txt
Log:
update lzo2
Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2017-05-20 14:27:26 UTC (rev 51781)
-05-20 14:50:39 UTC (rev 51782)
+++ data/dla-needed.txt 2017-05-20 14:52:45 UTC (rev 51783)
@@ -53,6 +53,8 @@
libxml2 (Thorsten Alteholz)
NOTE: 20170519, patches suggested but not accepted
--
+libytnef (Thorsten Alteholz)
+--
linux
--
lzo2
:52:45 UTC (rev 51783)
+++ data/dla-needed.txt 2017-05-20 14:58:31 UTC (rev 51784)
@@ -15,6 +15,7 @@
NOTE: Currently working on a patch fixing CVE-2017-6960 --Hugo
--
bind9 (Thorsten Alteholz)
+ NOTE: test package at
https://people.debian.org/~alteholz/packages/wheezy-lts/bind9/amd64/
--
ca
: EOL. I have already started to look at ESR 52 to anticipate any
problems.
NOTE: Patches for ESR 52 on wheezy sent to maintainer.
--
-icu (Thorsten Alteholz)
- NOTE: Update from Roberto C. Sánchez: I have isolated the problem and
provided a
- NOTE: patch to Thorsten to use to prepare
:55 UTC (rev 51839)
+++ data/dla-needed.txt 2017-05-22 17:11:27 UTC (rev 51840)
@@ -60,8 +60,6 @@
--
libytnef (Thorsten Alteholz)
--
-lintian
---
linux
--
lrzip
___
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
/dla-needed.txt 2017-05-22 20:34:34 UTC (rev 51849)
+++ data/dla-needed.txt 2017-05-22 20:35:21 UTC (rev 51850)
@@ -53,7 +53,8 @@
libpodofo
NOTE: maintainer asked for a review
--
-libsndfile
+libsndfile (Thorsten Alteholz)
+ NOTE: giving maintainer some time to respond to email
--
libxml2
19:05:50 UTC (rev 51847)
+++ data/dla-needed.txt 2017-05-22 20:32:05 UTC (rev 51848)
@@ -92,9 +92,6 @@
--
openjdk-7 (Emilio Pozuelo)
--
-postgresql-8.4 (Thorsten Alteholz)
- NOTE: 20170521, asking maintainer whether this version is affected
---
postgresql-9.1 (Thorsten Alteholz)
NOTE
:37:26 UTC (rev 51883)
+++ data/dla-needed.txt 2017-05-23 16:59:08 UTC (rev 51884)
@@ -58,7 +58,7 @@
libpodofo
NOTE: maintainer asked for a review
--
-libtasn1-3
+libtasn1-3 (Thorsten Alteholz)
--
libsndfile (Thorsten Alteholz)
NOTE: giving maintainer some time to respond to email
-needed.txt 2017-05-23 16:37:26 UTC (rev 51883)
@@ -35,7 +35,7 @@
NOTE: 20170522, there are numerous issues to address and work continues
--
jasper (Thorsten Alteholz)
- NOTE: 20170519, no patch available for the remaining CVEs yet
+ NOTE: 20170523, no patch available for the remaining CVEs yet
NOTE: maintainer asked for a review
--
-libtasn1-3 (Thorsten Alteholz)
---
libsndfile (Thorsten Alteholz)
NOTE: giving maintainer some time to respond to email
--
___
Secure-testing-commits mailing list
Secure-testing-commits
Author: alteholz
Date: 2017-05-21 17:34:44 + (Sun, 21 May 2017)
New Revision: 51798
Modified:
data/CVE/list
Log:
according to maintainer wheezy is not affected by CVE-2017-9078
Modified: data/CVE/list
===
--- data/CVE/list
(Thorsten Alteholz)
NOTE: test package at
https://people.debian.org/~alteholz/packages/wheezy-lts/bind9/amd64/
--
-dropbear (Thorsten Alteholz)
- NOTE: maintainer prepared debdiff
---
ca-certificates
NOTE: 2017-03-27: maintainer will handle the upload, see
https://lists.debian.org/1acb8e97
501 - 600 of 760 matches
Mail list logo