[Secure-testing-commits] r53384 - in data: . DLA

[Roberto C. Sanchez]

Author: roberto
Date: 2017-07-11 14:11:26 +0000 (Tue, 11 Jul 2017)
New Revision: 53384

Modified:
   data/DLA/list
   data/dla-needed.txt
Log:
Reserve DLA-1022-1 for tiff and DLA-1023-1 for tiff3

Modified: data/DLA/list
===================================================================
--- data/DLA/list	2017-07-11 13:40:32 UTC (rev 53383)
+++ data/DLA/list	2017-07-11 14:11:26 UTC (rev 53384)
@@ -1,3 +1,9 @@
+[11 Jul 2017] DLA-1023-1 tiff3 - security update
+	{CVE-2017-9936}
+	[wheezy] - tiff3 3.9.6-11+deb7u7
+[11 Jul 2017] DLA-1022-1 tiff - security update
+	{CVE-2017-9936 CVE-2017-10688}
+	[wheezy] - tiff 4.0.2-6+deb7u15
 [09 Jul 2017] DLA-1021-1 jetty8 - security update
 	{CVE-2017-9735}
 	[wheezy] - jetty8 8.1.3-4+deb7u1

Modified: data/dla-needed.txt
===================================================================
--- data/dla-needed.txt	2017-07-11 13:40:32 UTC (rev 53383)
+++ data/dla-needed.txt	2017-07-11 14:11:26 UTC (rev 53384)
@@ -162,8 +162,12 @@
   NOTE: removed from Jessie, maintainer not active anymore
 --
 tiff (Roberto C. Sánchez)
+  NOTE: 20170711, Version 4.0.2-6+deb7u14 fixes CVE-2017-9936 and CVE-2017-10688 (DLA-1022-1)
+  NOTE: CVE-2017-9935 is still unresolved upstream
 --
 tiff3 (Roberto C. Sánchez)
+  NOTE: 20170711, Version 3.9.6-11+deb7u7 fixes CVE-2017-9936 (DLA-1023-1)
+  NOTE: CVE-2017-9935 is still unresolved upstream
 --
 vim (James McCoy)
 --