[Secure-testing-commits] r50669 - in data: . CVE
Raphaël Hertzog
hertzog at moszumanska.debian.org
Fri Apr 14 13:38:24 UTC 2017
Author: hertzog
Date: 2017-04-14 13:38:24 +0000 (Fri, 14 Apr 2017)
New Revision: 50669
Modified:
data/CVE/list
data/dla-needed.txt
Log:
Requalify libarchive CVE as no-dsa
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2017-04-14 13:38:12 UTC (rev 50668)
+++ data/CVE/list 2017-04-14 13:38:24 UTC (rev 50669)
@@ -5451,6 +5451,7 @@
CVE-2016-10209 (The archive_wstring_append_from_mbs function in archive_string.c in ...)
- libarchive <unfixed> (bug #859456)
[jessie] - libarchive <no-dsa> (Minor issue)
+ [wheezy] - libarchive <no-dsa> (Minor issue, not reproducible in Debian)
NOTE: https://github.com/libarchive/libarchive/issues/842
NOTE: Fixed by: https://github.com/libarchive/libarchive/commit/42a3408ac7df1e69bea9ea12b72e14f59f7400c0 (v3.3.0)
CVE-2017-5919
Modified: data/dla-needed.txt
===================================================================
--- data/dla-needed.txt 2017-04-14 13:38:12 UTC (rev 50668)
+++ data/dla-needed.txt 2017-04-14 13:38:24 UTC (rev 50669)
@@ -32,8 +32,6 @@
--
jasper (Thorsten Alteholz)
--
-libarchive (Raphaël Hertzog)
---
libav (Hugo Lefeuvre)
NOTE: Upstream should provide new point-releases fixing open security issues in the next months.
NOTE: Lots of CVEs are open, this is going to take some time. (See debian-lts ML)
More information about the Secure-testing-commits
mailing list