[Secure-testing-commits] r49246 - data
Markus Koschany
apo at moszumanska.debian.org
Sun Feb 26 21:47:28 UTC 2017
Author: apo
Date: 2017-02-26 21:47:28 +0000 (Sun, 26 Feb 2017)
New Revision: 49246
Modified:
data/dla-needed.txt
Log:
Update note about libpodofo
No patches available for most issues as of 26. February 2017
Patch for CVE-2015-8981 works
Modified: data/dla-needed.txt
===================================================================
--- data/dla-needed.txt 2017-02-26 20:59:45 UTC (rev 49245)
+++ data/dla-needed.txt 2017-02-26 21:47:28 UTC (rev 49246)
@@ -66,11 +66,12 @@
NOTE: symbols don't work there, making it hard to properly debug and fix the problems.
NOTE: Maybe we should consider upgrading to the version in wheezy once this is fixed there.
--
-libpodofo (Markus Koschany)
+libpodofo
NOTE: CVE-2017-5854 does not crash but the NULL check is missing
NOTE: CVE-2017-5855 does not crash since the Wheezy code being different
NOTE: CVE-2017-5852, CVE-2017-5853 crash in Wheezy
- NOTE: CVE-2015-8981 crashes in Wheezy
+ NOTE: CVE-2015-8981 Wheezy is affected, patch is straightforward.
+ NOTE: 20170226: No patches available for other issues.
--
libquicktime
NOTE: added 2017-02-25, please give maintainer some time to respond
More information about the Secure-testing-commits
mailing list