[Secure-testing-commits] r49227 - in data: . CVE
Michael Gilbert
mgilbert at moszumanska.debian.org
Sun Feb 26 04:18:43 UTC 2017
Author: mgilbert
Date: 2017-02-26 04:18:42 +0000 (Sun, 26 Feb 2017)
New Revision: 49227
Modified:
data/CVE/list
data/dsa-needed.txt
Log:
libxml2 issues are no dsa
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2017-02-26 02:15:40 UTC (rev 49226)
+++ data/CVE/list 2017-02-26 04:18:42 UTC (rev 49227)
@@ -852,6 +852,7 @@
CVE-2017-5969 [null pointer dereference when parsing a xml file using recover mode]
RESERVED
- libxml2 <unfixed> (bug #855001)
+ [stretch] - libxml2 <no-dsa> (Minor issue, only a denial-of-service when using recover mode)
[jessie] - libxml2 <no-dsa> (Minor issue, only a denial-of-service when using recover mode)
[wheezy] - libxml2 <no-dsa> (Minor issue, only a denial-of-service when using recover mode)
NOTE: http://www.openwall.com/lists/oss-security/2016/11/05/3
@@ -16614,6 +16615,8 @@
RESERVED
CVE-2016-9318 (libxml2 2.9.4 and earlier, as used in XMLSec 1.2.23 and earlier and ...)
- libxml2 <unfixed> (bug #844581)
+ [stretch] - libxml2 <no-dsa> (Minor issue)
+ [jessie] - libxml2 <no-dsa> (Minor issue)
[wheezy] - libxml2 <no-dsa> (Minor issue)
NOTE: Upstream Bug: https://bugzilla.gnome.org/show_bug.cgi?id=772726
NOTE: Tentative patch available but not blessed by upstream yet (2016-12-13) (cf. comment #15)
Modified: data/dsa-needed.txt
===================================================================
--- data/dsa-needed.txt 2017-02-26 02:15:40 UTC (rev 49226)
+++ data/dsa-needed.txt 2017-02-26 04:18:42 UTC (rev 49227)
@@ -24,8 +24,6 @@
--
libical
--
-libxml2
---
linux
wait until more issues have piled up
--
More information about the Secure-testing-commits
mailing list