[Secure-testing-commits] r44886 - in data: . DLA

[Kurt Roeckx]

Author: kroeckx
Date: 2016-09-25 11:49:10 +0000 (Sun, 25 Sep 2016)
New Revision: 44886

Modified:
   data/DLA/list
   data/dla-needed.txt
Log:
Reserve DLA-637-1 for openssl

Modified: data/DLA/list
===================================================================
--- data/DLA/list	2016-09-25 09:53:56 UTC (rev 44885)
+++ data/DLA/list	2016-09-25 11:49:10 UTC (rev 44886)
@@ -1,3 +1,6 @@
+[25 Sep 2016] DLA-637-1 openssl - security update
+	{CVE-2016-2177 CVE-2016-2178 CVE-2016-2179 CVE-2016-2180 CVE-2016-2181 CVE-2016-2182 CVE-2016-2183 CVE-2016-6302 CVE-2016-6303 CVE-2016-6304 CVE-2016-6306}
+	[wheezy] - openssl 1.0.1t-1+deb7u1
 [25 Sep 2016] DLA-636-1 firefox-esr - security update
 	{CVE-2016-5250 CVE-2016-5257 CVE-2016-5261 CVE-2016-5270 CVE-2016-5272 CVE-2016-5274 CVE-2016-5276 CVE-2016-5277 CVE-2016-5278 CVE-2016-5280 CVE-2016-5281 CVE-2016-5284}
 	[wheezy] - firefox-esr 45.4.0esr-1~deb7u1

Modified: data/dla-needed.txt
===================================================================
--- data/dla-needed.txt	2016-09-25 09:53:56 UTC (rev 44885)
+++ data/dla-needed.txt	2016-09-25 11:49:10 UTC (rev 44886)
@@ -49,14 +49,6 @@
 --
 mingw32 (Stephen Kitt)
 --
-openssl
-  NOTE: For CVE-2016-2177, some parts of the upstream patch do not apply
-  NOTE: because the wheezy version is completely missing the checks being
-  NOTE: fixed!  Those checks should probably be added by cherry-picking
-  NOTE: additional upstream changes.
-  NOTE: Kurt Roeckx considers CVE-2016-2177 and CVE-2016-2178 to be low
-  NOTE: priority issues and will fix them after the next release of OpenSSL.
---
 php5 (Thorsten Alteholz)
 --
 phpmyadmin (Ola Lundqvist)