[Secure-testing-commits] r50676 - data
Jonas Meurer
mejo at moszumanska.debian.org
Fri Apr 14 17:27:46 UTC 2017
Author: mejo
Date: 2017-04-14 17:27:46 +0000 (Fri, 14 Apr 2017)
New Revision: 50676
Modified:
data/dla-needed.txt
Log:
give back libical and putty
Modified: data/dla-needed.txt
===================================================================
--- data/dla-needed.txt 2017-04-14 17:01:39 UTC (rev 50675)
+++ data/dla-needed.txt 2017-04-14 17:27:46 UTC (rev 50676)
@@ -36,9 +36,11 @@
NOTE: Upstream should provide new point-releases fixing open security issues in the next months.
NOTE: Lots of CVEs are open, this is going to take some time. (See debian-lts ML)
--
-libical (Jonas Meurer)
+libical
NOTE: No known solution as of 2017-01-16.
NOTE: Pinged on 2017-02-06 https://github.com/libical/libical/issues/253#issuecomment-277580552 (lamby)
+ NOTE: Unclear, which reproducer belongs to which bug.
+
--
libplist
NOTE: 20170324: more information needed for open CVEs.
@@ -91,7 +93,11 @@
NOTE: Upstream is not going to fix CVE-2016-8686 since it believes it is not
NOTE: a bug (see #843861).
--
-putty (Jonas Meurer)
+putty
+ NOTE: 2017-04-14: CVE-2017-6542 is only exploitable by a malicious server
+ NOTE: with SSH agent forwarding enabled. In this case, the client is in
+ NOTE: serious problem anyway. Backporting the fix is non-trivial. Asked the
+ NOTE: putty maintainer for help/advice, but no response yet. -- Jonas Meurer
--
qbittorrent (Thorsten Alteholz)
--
More information about the Secure-testing-commits
mailing list