[Secure-testing-commits] r47025 - in data: . CVE

Tue Dec 13 16:30:40 UTC 2016

Author: lamby
Date: 2016-12-13 16:30:40 +0000 (Tue, 13 Dec 2016)
New Revision: 47025

Modified:
   data/CVE/list
   data/dla-needed.txt
Log:
DLA-547-1 did not fix CVE-2016-5240 in graphicsmagick.

Modified: data/CVE/list
===================================================================

--- data/CVE/list	2016-12-13 16:09:24 UTC (rev 47024)
+++ data/CVE/list	2016-12-13 16:30:40 UTC (rev 47025)
@@ -22514,12 +22514,10 @@
 	NOTE: http://xenbits.xen.org/xsa/advisory-181.html
 CVE-2016-5241
 	RESERVED
-	{DLA-547-1}
 	- graphicsmagick 1.3.24-1
 	NOTE: Fixed by: http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/8d175c4edfe7
 CVE-2016-5240
 	RESERVED
-	{DLA-547-1}
 	- graphicsmagick 1.3.24-1
 	NOTE: Fixed by: http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/ddc999ec896c
 CVE-2016-5237

Modified: data/dla-needed.txt
===================================================================
--- data/dla-needed.txt	2016-12-13 16:09:24 UTC (rev 47024)
+++ data/dla-needed.txt	2016-12-13 16:30:40 UTC (rev 47025)
@@ -16,6 +16,8 @@
   NOTE: Jessie has almost identical code. Looks hard to exploit but worth fixing.
 --
 graphicsmagick
+  NOTE: DLA-547-1 also did not fix CVE-2016-5240 so should be included in next upload.
+  NOTE: Subject of announce mail also contained typo (DLA-574-1 vs. DLA-547-1)
 --
 hdf5 (Thorsten Alteholz)
 --


