[Secure-testing-commits] r51085 - data
Hugo Lefeuvre
hle at moszumanska.debian.org
Wed Apr 26 20:54:30 UTC 2017
Author: hle
Date: 2017-04-26 20:54:29 +0000 (Wed, 26 Apr 2017)
New Revision: 51085
Modified:
data/dla-needed.txt
Log:
Un-claim potrace and libav in data/dla-needed. Add comments for partclone.
Modified: data/dla-needed.txt
===================================================================
--- data/dla-needed.txt 2017-04-26 20:09:02 UTC (rev 51084)
+++ data/dla-needed.txt 2017-04-26 20:54:29 UTC (rev 51085)
@@ -36,9 +36,10 @@
--
jasper (Thorsten Alteholz)
--
-libav (Hugo Lefeuvre)
- NOTE: Upstream should provide new point-releases fixing open security issues in the next months.
- NOTE: Lots of CVEs are open, this is going to take some time. (See debian-lts ML)
+libav
+ NOTE: Diego Biurrun (from the libav team) is working on patches.
+ NOTE: Some CVEs like CVE-2015-6820 require a reproducer to be tested and fixed. For the moment
+ NOTE: they are marked as undetermined. Diego has asked for the reporters.
--
libical
NOTE: No known solution as of 2017-01-16.
@@ -73,9 +74,9 @@
openjdk-7 (Emilio Pozuelo)
--
partclone (Hugo Lefeuvre)
+ NOTE: CVE-2017-6596 successfully reproduced on Debian Wheezy, but upstream patch doesn't fix the issue.
--
-potrace (Hugo Lefeuvre)
- NOTE: Try to reproduce CVE-2016-8685/cherry pick the patch from Stretch.
+potrace
NOTE: Upstream is not going to fix CVE-2016-8686 since it believes it is not
NOTE: a bug (see #843861).
--
More information about the Secure-testing-commits
mailing list