[Secure-testing-commits] r58855 - in data: . DLA
Thorsten Alteholz
alteholz at moszumanska.debian.org
Fri Dec 22 23:09:23 UTC 2017
Author: alteholz
Date: 2017-12-22 23:09:22 +0000 (Fri, 22 Dec 2017)
New Revision: 58855
Modified:
data/DLA/list
data/dla-needed.txt
Log:
Reserve DLA-1218-1 for rsync
Modified: data/DLA/list
===================================================================
--- data/DLA/list 2017-12-22 22:43:17 UTC (rev 58854)
+++ data/DLA/list 2017-12-22 23:09:22 UTC (rev 58855)
@@ -1,3 +1,6 @@
+[23 Dec 2017] DLA-1218-1 rsync - security update
+ {CVE-2017-16548 CVE-2017-17433 CVE-2017-17434}
+ [wheezy] - rsync 3.0.9-4+deb7u1
[21 Dec 2017] DLA-1217-1 irssi - security update
{CVE-2017-5193 CVE-2017-5194 CVE-2017-5356 CVE-2017-15227 CVE-2017-15228 CVE-2017-15721 CVE-2017-15722}
[wheezy] - irssi 0.8.15-5+deb7u4
Modified: data/dla-needed.txt
===================================================================
--- data/dla-needed.txt 2017-12-22 22:43:17 UTC (rev 58854)
+++ data/dla-needed.txt 2017-12-22 23:09:22 UTC (rev 58855)
@@ -67,8 +67,6 @@
python3.2 (Emilio Pozuelo)
NOTE: webbrowser.py as binary is hard to exploit, but when using it as an import then it may be possible to trigger something. Should be fixed to be on the safe side even though it is not an urgent problem.
--
-rsync (Thorsten Alteholz)
---
rtpproxy
NOTE: it's not clear to me if a fix is even possible. -- Raphaël Hertzog
--
More information about the Secure-testing-commits
mailing list