Author: bam
Date: 2017-05-12 07:19:46 +0000 (Fri, 12 May 2017)
New Revision: 51565

Modified:
   data/CVE/list
   data/dla-needed.txt
Log:
Update potrace information

CVE-2016-8686 was marked no-dsa for wheezy, so that comment in
dla-needed.txt is no longer applicable. However there is now
CVE-2017-7263 open, so not removing the entry.

Modified: data/CVE/list
===================================================================
--- data/CVE/list       2017-05-12 06:20:08 UTC (rev 51564)
+++ data/CVE/list       2017-05-12 07:19:46 UTC (rev 51565)
@@ -27322,8 +27322,7 @@
        [wheezy] - potrace <no-dsa> (Minor issue)
        NOTE: 
https://blogs.gentoo.org/ago/2016/08/29/potrace-memory-allocation-failure
        NOTE: http://potrace.sourceforge.net/ChangeLog claims that it's fixed 
in 1.14
-       NOTE: There's no public repository so patch is hard to extract.
-       NOTE: I asked the patch to the upstream author. -- Raphael Hertzog
+       NOTE: but see https://lists.debian.org/debian-lts/2017/05/msg00032.html
 CVE-2016-8685 (The findnext function in decompose.c in potrace 1.13 allows 
remote ...)
        {DLA-889-1}
        - potrace 1.13-3 (bug #843861)
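Review bot: The added line "NOTE: but see https://lists.debian.org/debian-lts/2017/05/msg00032.html" only reads correctly as a continuation of the preceding NOTE about the ChangeLog claiming a fix in 1.14, and it does not say what the linked message concludes. A reader of data/CVE/list has to follow the link to learn why the 1.14 claim is qualified, and the reasoning is lost if the archive URL ever changes. Consider putting a one-line summary of the caveat in the NOTE itself and keeping the URL as the reference. The two removed notes also recorded that the patch had been requested from upstream; if that request had an outcome, it would be worth stating it here rather than dropping the history silently.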

Modified: data/dla-needed.txt
===================================================================
--- data/dla-needed.txt 2017-05-12 06:20:08 UTC (rev 51564)
+++ data/dla-needed.txt 2017-05-12 07:19:46 UTC (rev 51565)
@@ -89,8 +89,6 @@
 postgresql-8.4
 --
 potrace
-  NOTE: Upstream is not going to fix CVE-2016-8686 since it believes it is not
-  NOTE: a bug (see #843861).
 --
 putty
   NOTE: 2017-04-14: CVE-2017-6542 is only exploitable by a malicious server
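Review bot: After the two CVE-2016-8686 NOTE lines are removed, the potrace entry in data/dla-needed.txt carries no NOTE at all, so the file no longer says why the package is still listed. The commit log gives the reason (CVE-2017-7263 is open), but that reason is not visible to someone reading dla-needed.txt. Consider adding a dated NOTE that names CVE-2017-7263, in the same style as the putty entry below ("NOTE: 2017-04-14: ..."), so the entry is not removed by mistake.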


_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
