[Secure-testing-commits] r39364 - in data: . CVE

[Salvatore Bonaccorso]

Author: carnil
Date: 2016-01-31 06:04:18 +0000 (Sun, 31 Jan 2016)
New Revision: 39364

Modified:
   data/CVE/list
   data/dla-needed.txt
Log:
Move note about tenatitve package to dla-needed list

NOTE: Suggesting moving it there since once the DLA is released we do
not forcibly need that additional note. Let me know if you disagree.

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2016-01-31 06:04:04 UTC (rev 39363)
+++ data/CVE/list	2016-01-31 06:04:18 UTC (rev 39364)
@@ -4878,7 +4878,6 @@
 	NOTE: ICU not directly affected by CVE-2016-0494 itself since original patch for
 	NOTE: CVE-2015-4844 was not yet applied. CVE-2016-0494 was introduced as part of
 	NOTE: the CVE-2015-4844 fix.
-	NOTE: tentative package for icu https://lists.debian.org/debian-lts/2016/01/msg00133.html
 CVE-2016-0493 (Unspecified vulnerability in Oracle Sun Solaris 11 allows local users ...)
 	TODO: check
 CVE-2016-0492 (Unspecified vulnerability in the Oracle Application Testing Suite ...)
@@ -16308,7 +16307,6 @@
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1273318
 	NOTE: see also CVE-2016-0494, introduced in through the fix for this CVE.
 	NOTE: patch: http://hg.openjdk.java.net/jdk8u/jdk8u/jdk/rev/dbb4e2bdfa9e
-	NOTE: tentative package for icu https://lists.debian.org/debian-lts/2016/01/msg00133.html
 CVE-2015-4843 (Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and ...)
 	{DSA-3381-1 DLA-346-1}
 	- openjdk-6 <removed>

Modified: data/dla-needed.txt
===================================================================
--- data/dla-needed.txt	2016-01-31 06:04:04 UTC (rev 39363)
+++ data/dla-needed.txt	2016-01-31 06:04:18 UTC (rev 39364)
@@ -39,6 +39,7 @@
 --
 icu (Antoine Beaupré)
   NOTE: check comments on CVE-2016-0494 as well
+  NOTE: tentative package for icu https://lists.debian.org/debian-lts/2016/01/msg00133.html
 --
 imagemagick
   NOTE: only minor issues without CVE