[Secure-testing-commits] r50465 - data/CVE

Salvatore Bonaccorso carnil at moszumanska.debian.org
Sat Apr 8 12:07:25 UTC 2017


Author: carnil
Date: 2017-04-08 12:07:24 +0000 (Sat, 08 Apr 2017)
New Revision: 50465

Modified:
   data/CVE/list
Log:
Add upstream commit for CVE-2016-9318

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2017-04-08 10:56:39 UTC (rev 50464)
+++ data/CVE/list	2017-04-08 12:07:24 UTC (rev 50465)
@@ -20585,10 +20585,9 @@
 	[jessie] - libxml2 <no-dsa> (Minor issue)
 	[wheezy] - libxml2 <no-dsa> (Minor issue)
 	NOTE: Upstream Bug: https://bugzilla.gnome.org/show_bug.cgi?id=772726
-	NOTE: Tentative patch available but not blessed by upstream yet (2016-12-13) (cf. comment #15)
-	NOTE: For wheezy it is probably not worth the effort to fix this problem.
-	NOTE: The reason is that the correction is to introduce a new option that can be specified if this new behaviour
-	NOTE: is wanted. It is not enforced by default.
+	NOTE: Fixed by: https://git.gnome.org/browse/libxml2/commit/?id=2304078555896cf1638c628f50326aeef6f0e0d0
+	NOTE: The patch introduces a new option that can be specified if this
+	NOTE: behaviour is wanted. Not enforced by default.
 CVE-2016-9317 (The gdImageCreate function in the GD Graphics Library (aka libgd) ...)
 	{DSA-3777-1 DLA-804-1}
 	- libgd2 2.2.4-1




More information about the Secure-testing-commits mailing list