[Secure-testing-commits] r47836 - in data: . CVE
Ola Lundqvist
opal at moszumanska.debian.org
Sun Jan 8 22:13:07 UTC 2017
Author: opal
Date: 2017-01-08 22:13:07 +0000 (Sun, 08 Jan 2017)
New Revision: 47836
Modified:
data/CVE/list
data/dla-needed.txt
Log:
Some notes after investigation.
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2017-01-08 21:33:56 UTC (rev 47835)
+++ data/CVE/list 2017-01-08 22:13:07 UTC (rev 47836)
@@ -12737,7 +12737,10 @@
RESERVED
CVE-2016-9318 (libxml2 2.9.4 and earlier, as used in XMLSec 1.2.23 and earlier and ...)
- libxml2 <unfixed> (bug #844581)
- NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=772726
+ NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=772726#c15
+ NOTE: tentative patch available but not blessed by upstream yet (2016-12-13)
+ NOTE: For stable and oldstable it is probably not worth the effort to fix this problem.
+ NOTE: The reason is that the correction is to introduce a new option that can be specified if this new behaviour is wanted. It is not enforced by default.
CVE-2016-9317
RESERVED
CVE-2016-9316
Modified: data/dla-needed.txt
===================================================================
--- data/dla-needed.txt 2017-01-08 21:33:56 UTC (rev 47835)
+++ data/dla-needed.txt 2017-01-08 22:13:07 UTC (rev 47836)
@@ -48,6 +48,7 @@
jasper (Thorsten Alteholz)
--
jbig2dec
+ NOTE: No known solution as of 2017-01-08.
--
libav (Hugo Lefeuvre)
NOTE: Upstream should provide new point-releases fixing open security issues in the next months.
@@ -64,8 +65,6 @@
NOTE: could be backported (2016-12-13)
--
libxml2
- NOTE: tentative patch available but not blessed by upstream yet (2016-12-13)
- NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=772726#c15
--
linux
NOTE: if CVE-2016-8649 (lxc issue) is to be fixed in wheezy, it
More information about the Secure-testing-commits
mailing list