Author: apo Date: 2017-11-30 20:51:27 +0000 (Thu, 30 Nov 2017) New Revision: 58154
Modified: data/DLA/list data/dla-needed.txt Log: Reserve DLA-1197-1 for sox Modified: data/DLA/list =================================================================== --- data/DLA/list 2017-11-30 19:54:09 UTC (rev 58153) +++ data/DLA/list 2017-11-30 20:51:27 UTC (rev 58154) @@ -1,3 +1,6 @@ +[30 Nov 2017] DLA-1197-1 sox - security update + {CVE-2017-11332 CVE-2017-11358 CVE-2017-11359 CVE-2017-15370 CVE-2017-15371} + [wheezy] - sox 14.4.0-3+deb7u2 [30 Nov 2017] DLA-1196-1 optipng - security update {CVE-2017-16938} [wheezy] - optipng 0.6.4-1+deb7u4 Modified: data/dla-needed.txt =================================================================== --- data/dla-needed.txt 2017-11-30 19:54:09 UTC (rev 58153) +++ data/dla-needed.txt 2017-11-30 20:51:27 UTC (rev 58154) @@ -82,15 +82,6 @@ NOTE: 2017-09-04: Maintainer will handle this. NOTE: https://lists.debian.org/debian-lts/2017/09/msg00010.html -- -sox (Markus Koschany) - NOTE: No patches. Contacted upstream. Waiting for feedback - NOTE: > 12% of sponsors use sox hence I have decided to add it here. - NOTE: https://sourceforge.net/p/sox/bugs/296/ - NOTE: 2017-09-01: pinged upstream (Markus) - NOTE: please check https://bugs.debian.org/882236 too (but please note that - NOTE: the CVE is specifically assigned for libvorbis, so do not reuse the - NOTE: CVE when applying the fix) --- suricata NOTE: 2017-10-27: At a quick glance, I can't see that this is vulnerable. --lamby -- _______________________________________________ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits