[Secure-testing-commits] r49291 - in data: . DLA
Markus Koschany
apo at moszumanska.debian.org
Tue Feb 28 13:52:07 UTC 2017
Author: apo
Date: 2017-02-28 13:52:07 +0000 (Tue, 28 Feb 2017)
New Revision: 49291
Modified:
data/DLA/list
data/dla-needed.txt
Log:
Reserve DLA-840-1 for libplist
Modified: data/DLA/list
===================================================================
--- data/DLA/list 2017-02-28 11:54:03 UTC (rev 49290)
+++ data/DLA/list 2017-02-28 13:52:07 UTC (rev 49291)
@@ -1,3 +1,6 @@
+[28 Feb 2017] DLA-840-1 libplist - security update
+ {CVE-2017-5834 CVE-2017-5835}
+ [wheezy] - libplist 1.8-1+deb7u2
[27 Feb 2017] DLA-839-1 tnef - security update
{CVE-2017-6307 CVE-2017-6308 CVE-2017-6309 CVE-2017-6310}
[wheezy] - tnef 1.4.9-1+deb7u1
Modified: data/dla-needed.txt
===================================================================
--- data/dla-needed.txt 2017-02-28 11:54:03 UTC (rev 49290)
+++ data/dla-needed.txt 2017-02-28 13:52:07 UTC (rev 49291)
@@ -57,12 +57,6 @@
NOTE: No known solution as of 2017-01-16.
NOTE: Pinged on 2017-02-06 https://github.com/libical/libical/issues/253#issuecomment-277580552 (lamby)
--
-libplist (Markus Koschany)
- NOTE: wheezy has an old version, code has been largely rewritten so it's not easy to backport the
- NOTE: patches. Furthermore, the build system uses cmake in wheezy, and for some reason debugging
- NOTE: symbols don't work there, making it hard to properly debug and fix the problems.
- NOTE: Maybe we should consider upgrading to the version in wheezy once this is fixed there.
---
libpodofo
NOTE: CVE-2017-5854 does not crash but the NULL check is missing
NOTE: CVE-2017-5855 does not crash since the Wheezy code being different
More information about the Secure-testing-commits
mailing list