[Secure-testing-commits] r48704 - data
Guido Guenther
agx at moszumanska.debian.org
Sat Feb 4 10:39:18 UTC 2017
Author: agx
Date: 2017-02-04 10:39:18 +0000 (Sat, 04 Feb 2017)
New Revision: 48704
Modified:
data/dla-needed.txt
Log:
lts: triage libpodofo
Modified: data/dla-needed.txt
===================================================================
--- data/dla-needed.txt 2017-02-04 10:18:37 UTC (rev 48703)
+++ data/dla-needed.txt 2017-02-04 10:39:18 UTC (rev 48704)
@@ -61,6 +61,12 @@
--
libplist (Emilio Pozuelo)
--
+libpodofo
+ NOTE: CVE-2017-5854 does not crash but the NULL check is missing
+ NOTE: CVE-2017-5855 does not crash since the Wheezy code being different
+ NOTE: CVE-2017-5852, CVE-2017-5853 crash in Wheezy
+ NOTE: CVE-2015-8981 crashes in Wheezy
+--
libxml-twig-perl
NOTE: no upstream fix yet (as of 2017-01-20) for expand_external_ents
NOTE: but new no_xxe flag in 3.50 that could be backported
More information about the Secure-testing-commits
mailing list