Author: hle
Date: 2017-11-20 09:37:35 +0000 (Mon, 20 Nov 2017)
New Revision: 57845
Modified:
data/dla-needed.txt
Log:
Update NOTEs for lame and ming in dla-needed.
Modified: data/dla-needed.txt
===================================================================
--- data/dla-needed.txt 2017-11-20 09:34:52 UTC (rev 57844)
+++ data/dla-needed.txt 2017-11-20 09:37:35 UTC (rev 57845)
@@ -23,9 +23,9 @@
--
lame (Hugo Lefeuvre)
NOTE: Couldn't reproduce CVE-2017-{69-72}, but successfully reproduced
CVE-2017-150{18,45,46}
- NOTE: 20171116: 3.100 available: check with the security team whether a
backport is possible or not
- NOTE: (since Stretch isn't affected by these issues they are probably not
going to accept
- NOTE: a backport to Stretch, which will therefore make a backport to
Jessie/Wheezy impossible).
+ NOTE: 20171120: Backporting 3.100 is not conceivable, diff >40k lines.
+ NOTE: Issues are all no-dsa in Jessie, so if I can't update Jessie as well
I'll probably mark
+ NOTE: them no-dsa.
--
ldns (Roberto C. Sánchez)
NOTE: 201711118: Fix for CVE-2017-1000231 will need some adjustment for
wheezy (lamby)
@@ -59,7 +59,8 @@
linux
--
ming (Hugo Lefeuvre)
- NOTE: 20171116: wip, currently working on it with upstream, might take a
while
+ NOTE: 20171120: wip, currently working on it with upstream, might take a
while
+ NOTE: Some issues currently in upstream's bug tracker are missing a CVE
number, so number of issues might increase in the next weeks
--
mp3gain
NOTE: Successfully reproduced CVE-2017-144{09, 07} but couldn't reproduce
CVE-2017-144{06, 08, 10, 11, 12} (valgrind in Wheezy, gcc+asan in Jessie).
_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
