[Secure-testing-commits] r50007 - in data: . DLA
Markus Koschany
apo at moszumanska.debian.org
Fri Mar 24 21:18:58 UTC 2017
Author: apo
Date: 2017-03-24 21:18:58 +0000 (Fri, 24 Mar 2017)
New Revision: 50007
Modified:
data/DLA/list
data/dla-needed.txt
Log:
Reserve DLA-870-1 for libplist
Modified: data/DLA/list
===================================================================
--- data/DLA/list 2017-03-24 21:10:12 UTC (rev 50006)
+++ data/DLA/list 2017-03-24 21:18:58 UTC (rev 50007)
@@ -1,3 +1,6 @@
+[24 Mar 2017] DLA-870-1 libplist - security update
+ {CVE-2017-6435 CVE-2017-6436 CVE-2017-6439}
+ [wheezy] - libplist 1.8-1+deb7u3
[24 Mar 2017] DLA-869-1 cgiemail - security update
{CVE-2017-5613 CVE-2017-5614 CVE-2017-5615 CVE-2017-5616}
[wheezy] - cgiemail 1.6-37+deb7u1
Modified: data/dla-needed.txt
===================================================================
--- data/dla-needed.txt 2017-03-24 21:10:12 UTC (rev 50006)
+++ data/dla-needed.txt 2017-03-24 21:18:58 UTC (rev 50007)
@@ -52,12 +52,6 @@
NOTE: No known solution as of 2017-01-16.
NOTE: Pinged on 2017-02-06 https://github.com/libical/libical/issues/253#issuecomment-277580552 (lamby)
--
-libplist (Markus Koschany)
- NOTE: Fixed CVE-2017-6435, CVE-2017-6436. CVE-2017-6439 is probably a duplicate of CVE-2017-6436.
- NOTE: The rest is still unfixed/more information needed.
- NOTE: Although CVE-2017-6439 and CVE-2017-6436 have same fixing commit the codepath
- NOTE: to trigger the issue is different, and thus are treated as two different issues.
---
libpodofo
NOTE: 20170310: No patches available.
NOTE: Proposed patch for CVE-2017-5853, which is marked no-dsa.
More information about the Secure-testing-commits
mailing list