[Secure-testing-commits] r50470 - in data: . CVE
Markus Koschany
apo at moszumanska.debian.org
Sat Apr 8 14:10:54 UTC 2017
Author: apo
Date: 2017-04-08 14:10:53 +0000 (Sat, 08 Apr 2017)
New Revision: 50470
Modified:
data/CVE/list
data/dla-needed.txt
Log:
CVE-2016-10169,wavpack: Mark as no-dsa for Wheezy
According to upstream two of the three fixes only apply to versions since 4.80.
https://github.com/dbry/WavPack/commit/4bc05fc490b66ef2d45b1de26abf1455b486b0dc
In total this issue is too minor and not DLA-worthy.
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2017-04-08 13:30:14 UTC (rev 50469)
+++ data/CVE/list 2017-04-08 14:10:53 UTC (rev 50470)
@@ -5755,6 +5755,7 @@
CVE-2016-10169 (The read_code function in read_words.c in Wavpack before 5.1.0 allows ...)
- wavpack 5.0.0-2 (bug #853076)
[jessie] - wavpack <no-dsa> (Minor issue)
+ [wheezy] - wavpack <no-dsa> (Minor issue)
NOTE: https://sourceforge.net/p/wavpack/mailman/message/35557889/
NOTE: Fixed by: https://github.com/dbry/WavPack/commit/4bc05fc490b66ef2d45b1de26abf1455b486b0dc (5.1.0)
CVE-2016-10166 (Integer underflow in the _gdContributionsAlloc function in ...)
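Review bot: The added `[wheezy] - wavpack <no-dsa> (Minor issue)` line copies the jessie wording, but the commit log gives a more specific reason for wheezy: according to upstream, two of the three fixes only apply to versions since 4.80. That rationale exists only in the log, so anyone reading data/CVE/list later cannot tell why the older release was triaged this way or which part of the upstream commit is still relevant to it. Consider adding a NOTE line under this CVE entry that records the 4.80 cutoff alongside the existing "Fixed by" note.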
Modified: data/dla-needed.txt
===================================================================
--- data/dla-needed.txt 2017-04-08 13:30:14 UTC (rev 50469)
+++ data/dla-needed.txt 2017-04-08 14:10:53 UTC (rev 50470)
@@ -123,10 +123,6 @@
NOTE: from my point of view backporting the introduction of these new members to this old
NOTE: version is way to invasive and such this should be marked as <no-dsa>
--
-wavpack
- NOTE: issue is no-dsa in jessie but code is similar so uploading to s-p-u might make sense
- NOTE: to not diverge between Jessie and Wheezy
---
web2py
NOTE: Unclear if these bugs have been fixed or when.
NOTE: No response to upstream bug report:
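Review bot: The removed wavpack entry carried the note that the code is similar to jessie and that an upload to s-p-u "might make sense", and deleting the entry drops that suggestion without recording a decision on it. Marking both releases no-dsa does keep jessie and wheezy from diverging, which was the note's stated concern, but if a jessie s-p-u upload is still being considered it should be tracked somewhere other than the entry deleted here. The removal also takes the entry's own `--` separator with it, so the surrounding entries stay correctly delimited.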