[Secure-testing-commits] r41874 - in data: . CVE
Salvatore Bonaccorso
carnil at moszumanska.debian.org
Thu May 19 06:14:33 UTC 2016
Author: carnil
Date: 2016-05-19 06:14:33 +0000 (Thu, 19 May 2016)
New Revision: 41874
Modified:
data/CVE/list
data/dsa-needed.txt
Log:
Mark librsvg as dsa needing, better safe
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2016-05-19 04:38:59 UTC (rev 41873)
+++ data/CVE/list 2016-05-19 06:14:33 UTC (rev 41874)
@@ -7126,7 +7126,6 @@
RESERVED
{DLA-477-1}
- librsvg 2.40.12-1
- [jessie] - librsvg <no-dsa> (Too intrusive to backport)
NOTE: https://git.gnome.org/browse/librsvg/commit/?id=a51919f7e1ca9c535390a746fbf6e28c8402dc61 (2.40.12)
NOTE: Gustavo Grieco confirmed that this is probably the same issue as CVE-2015-7558
NOTE: Possibly CVE-2016-4347 will/should be rejected or still be used.
@@ -17839,7 +17838,6 @@
RESERVED
{DLA-477-1}
- librsvg 2.40.12-1
- [jessie] - librsvg <no-dsa> (Too intrusive to backport)
[wheezy] - librsvg <no-dsa> (Too intrusive to backport)
[squeeze] - librsvg <no-dsa> (Too intrusive to backport)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1268243
Modified: data/dsa-needed.txt
===================================================================
--- data/dsa-needed.txt 2016-05-19 04:38:59 UTC (rev 41873)
+++ data/dsa-needed.txt 2016-05-19 06:14:33 UTC (rev 41874)
@@ -32,10 +32,7 @@
--
imagemagick (luciano)
--
-librsvg
- Testpackages based on Brian May's work for wheezy:
- https://people.debian.org/~carnil/tmp/librsvg/
- TODO: still to decice if no-dsa
+librsvg (carnil)
--
libxml2 (carnil)
NOTE: waiting for libxml2 upstream's blessed patches
More information about the Secure-testing-commits
mailing list