[Secure-testing-commits] r50147 - in data: . DLA

Antoine Beaupré anarcat at moszumanska.debian.org
Tue Mar 28 20:29:31 UTC 2017


Author: anarcat
Date: 2017-03-28 20:29:31 +0000 (Tue, 28 Mar 2017)
New Revision: 50147

Modified:
   data/DLA/list
   data/dla-needed.txt
Log:
reserve DLA-547-2 regression upload

Modified: data/DLA/list
===================================================================
--- data/DLA/list	2017-03-28 20:24:27 UTC (rev 50146)
+++ data/DLA/list	2017-03-28 20:29:31 UTC (rev 50147)
@@ -1,6 +1,8 @@
 [28 Mar 2017] DLA-878-1 libytnef - security update
 	{CVE-2017-6298 CVE-2017-6299 CVE-2017-6300 CVE-2017-6301 CVE-2017-6302 CVE-2017-6303 CVE-2017-6304 CVE-2017-6305 CVE-2017-6801 CVE-2017-6802}
 	[wheezy] - libytnef 1.5-4+deb7u1
+[28 Mar 2017] DLA-547-2 graphicsmagick - regression update
+	[wheezy] - graphicsmagick 1.3.16-1.1+deb7u6
 [28 Mar 2017] DLA-877-1 tiff - security update
 	{CVE-2016-10266 CVE-2016-10267 CVE-2016-10268 CVE-2016-10269}
 	[wheezy] - tiff 4.0.2-6+deb7u11

Modified: data/dla-needed.txt
===================================================================
--- data/dla-needed.txt	2017-03-28 20:24:27 UTC (rev 50146)
+++ data/dla-needed.txt	2017-03-28 20:29:31 UTC (rev 50147)
@@ -30,13 +30,6 @@
   NOTE: no update needed yet, but next update will be for ESR 52 as ESR 45 is now
   NOTE: EOL. I have already started to look at ESR 52 to anticipate any problems
 --
-graphicsmagick (Antoine Beaupre)
-  NOTE: seems only a single memory/CPU DOS at this point, maybe wait for more issues?
-  NOTE: DLA-547-1 also did not fix CVE-2016-5240 so should be included in next upload.
-  NOTE: Incomplete/Incorrect fix as per https://lists.debian.org/debian-lts/2016/12/msg00077.html
-  NOTE: Subject of announce mail also contained typo (DLA-574-1 vs. DLA-547-1)
-  NOTE: update available for testing in: https://lists.debian.org/87inpe4wgu.fsf@curie.anarc.at
---
 icedove
   NOTE: maintainer currenlty planx to rename to thunderbird with the next
   NOTE: upstream version (#851989). Jessie / Wheezy should do the same.




More information about the Secure-testing-commits mailing list