Author: apo Date: 2017-02-28 13:52:07 +0000 (Tue, 28 Feb 2017) New Revision: 49291
Modified: data/DLA/list data/dla-needed.txt Log: Reserve DLA-840-1 for libplist Modified: data/DLA/list =================================================================== --- data/DLA/list 2017-02-28 11:54:03 UTC (rev 49290) +++ data/DLA/list 2017-02-28 13:52:07 UTC (rev 49291) @@ -1,3 +1,6 @@ +[28 Feb 2017] DLA-840-1 libplist - security update + {CVE-2017-5834 CVE-2017-5835} + [wheezy] - libplist 1.8-1+deb7u2 [27 Feb 2017] DLA-839-1 tnef - security update {CVE-2017-6307 CVE-2017-6308 CVE-2017-6309 CVE-2017-6310} [wheezy] - tnef 1.4.9-1+deb7u1 Modified: data/dla-needed.txt =================================================================== --- data/dla-needed.txt 2017-02-28 11:54:03 UTC (rev 49290) +++ data/dla-needed.txt 2017-02-28 13:52:07 UTC (rev 49291) @@ -57,12 +57,6 @@ NOTE: No known solution as of 2017-01-16. NOTE: Pinged on 2017-02-06 https://github.com/libical/libical/issues/253#issuecomment-277580552 (lamby) -- -libplist (Markus Koschany) - NOTE: wheezy has an old version, code has been largely rewritten so it's not easy to backport the - NOTE: patches. Furthermore, the build system uses cmake in wheezy, and for some reason debugging - NOTE: symbols don't work there, making it hard to properly debug and fix the problems. - NOTE: Maybe we should consider upgrading to the version in wheezy once this is fixed there. --- libpodofo NOTE: CVE-2017-5854 does not crash but the NULL check is missing NOTE: CVE-2017-5855 does not crash since the Wheezy code being different _______________________________________________ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits