[Secure-testing-commits] r50669 - in data: . CVE

Raphaël Hertzog hertzog at moszumanska.debian.org
Fri Apr 14 13:38:24 UTC 2017


Author: hertzog
Date: 2017-04-14 13:38:24 +0000 (Fri, 14 Apr 2017)
New Revision: 50669

Modified:
   data/CVE/list
   data/dla-needed.txt
Log:
Requalify libarchive CVE as no-dsa

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2017-04-14 13:38:12 UTC (rev 50668)
+++ data/CVE/list	2017-04-14 13:38:24 UTC (rev 50669)
@@ -5451,6 +5451,7 @@
 CVE-2016-10209 (The archive_wstring_append_from_mbs function in archive_string.c in ...)
 	- libarchive <unfixed> (bug #859456)
 	[jessie] - libarchive <no-dsa> (Minor issue)
+	[wheezy] - libarchive <no-dsa> (Minor issue, not reproducible in Debian)
 	NOTE: https://github.com/libarchive/libarchive/issues/842
 	NOTE: Fixed by: https://github.com/libarchive/libarchive/commit/42a3408ac7df1e69bea9ea12b72e14f59f7400c0 (v3.3.0)
 CVE-2017-5919

Modified: data/dla-needed.txt
===================================================================
--- data/dla-needed.txt	2017-04-14 13:38:12 UTC (rev 50668)
+++ data/dla-needed.txt	2017-04-14 13:38:24 UTC (rev 50669)
@@ -32,8 +32,6 @@
 --
 jasper (Thorsten Alteholz)
 --
-libarchive (Raphaël Hertzog)
---
 libav (Hugo Lefeuvre)
   NOTE: Upstream should provide new point-releases fixing open security issues in the next months.
   NOTE: Lots of CVEs are open, this is going to take some time. (See debian-lts ML)




More information about the Secure-testing-commits mailing list