Author: agx Date: 2017-11-20 15:54:54 +0000 (Mon, 20 Nov 2017) New Revision: 57854
Modified: data/dla-needed.txt Log: lts: update vorbis status Modified: data/dla-needed.txt =================================================================== --- data/dla-needed.txt 2017-11-20 15:08:38 UTC (rev 57853) +++ data/dla-needed.txt 2017-11-20 15:54:54 UTC (rev 57854) @@ -22,7 +22,7 @@ NOTE: 20171031: No details available. Asked upstream for clarification. -- lame (Hugo Lefeuvre) - NOTE: Couldn't reproduce CVE-2017-{69-72}, but successfully reproduced CVE-2017-150{18,45,46} + NOTE: Couldn't reproduce CVE-2017-{69-72}, but successfully reproduced CVE-2017-150{18,45,46} NOTE: 20171120: Backporting 3.100 is not conceivable, diff >40k lines. NOTE: Instead, lame's maintainer will switch jessie to also use libsndfile in the next Jessie NOTE: point update, simply forward the changes to Wheezy (this should fix almost all open CVEs). @@ -49,9 +49,9 @@ NOTE: there are some new CVEs now as well -- libvorbis (Guido Günther) - NOTE: 20170829: no fix available yet - NOTE: Fixes for most of the issues submitted upstream to libvorbis, sox, - NOTE: awaiting feedback + NOTE: 20171120: Fixes for issues submitted upstream to libvorbis, + NOTE: theora and sox. Awaiting feedback. Underlying reason for CVE-2017-14160 + NOTE: unclear. -- libxml2 (Thorsten Alteholz) NOTE: bugfix needs confirmation by upstream _______________________________________________ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits