Author: apo Date: 2017-02-26 21:47:28 +0000 (Sun, 26 Feb 2017) New Revision: 49246
Modified: data/dla-needed.txt Log: Update note about libpodofo No patches available for most issues as of 26. February 2017 Patch for CVE-2015-8981 works Modified: data/dla-needed.txt =================================================================== --- data/dla-needed.txt 2017-02-26 20:59:45 UTC (rev 49245) +++ data/dla-needed.txt 2017-02-26 21:47:28 UTC (rev 49246) @@ -66,11 +66,12 @@ NOTE: symbols don't work there, making it hard to properly debug and fix the problems. NOTE: Maybe we should consider upgrading to the version in wheezy once this is fixed there. -- -libpodofo (Markus Koschany) +libpodofo NOTE: CVE-2017-5854 does not crash but the NULL check is missing NOTE: CVE-2017-5855 does not crash since the Wheezy code being different NOTE: CVE-2017-5852, CVE-2017-5853 crash in Wheezy - NOTE: CVE-2015-8981 crashes in Wheezy + NOTE: CVE-2015-8981 Wheezy is affected, patch is straightforward. + NOTE: 20170226: No patches available for other issues. -- libquicktime NOTE: added 2017-02-25, please give maintainer some time to respond _______________________________________________ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
