[Secure-testing-commits] r51883 - in data: . CVE

Tue May 23 16:37:26 UTC 2017

Author: alteholz
Date: 2017-05-23 16:37:26 +0000 (Tue, 23 May 2017)
New Revision: 51883

Modified:
   data/CVE/list
   data/dla-needed.txt
Log:
bug update

Modified: data/CVE/list
===================================================================

--- data/CVE/list	2017-05-23 13:19:11 UTC (rev 51882)
+++ data/CVE/list	2017-05-23 16:37:26 UTC (rev 51883)
@@ -465,6 +465,7 @@
 	RESERVED
 CVE-2017-9058 (In libytnef in ytnef through 1.9.2, there is a heap-based buffer ...)
 	- libytnef <unfixed> (bug #862556)
+	NOTE: https://github.com/Yeraze/ytnef/issues/45
 CVE-2017-9030 (The Codextrous B2J Contact (aka b2j_contact) extension before 2.1.13 ...)
 	NOT-FOR-US: Joomla extension
 CVE-2017-9029

Modified: data/dla-needed.txt
===================================================================
--- data/dla-needed.txt	2017-05-23 13:19:11 UTC (rev 51882)
+++ data/dla-needed.txt	2017-05-23 16:37:26 UTC (rev 51883)
@@ -35,7 +35,7 @@
   NOTE: 20170522, there are numerous issues to address and work continues
 --
 jasper (Thorsten Alteholz)
-  NOTE: 20170519, no patch available for the remaining CVEs yet
+  NOTE: 20170523, no patch available for the remaining CVEs yet
 --
 kde4libs
   NOTE: Maintainer wants debdiff to record our upload in his VCS. See
@@ -64,9 +64,10 @@
   NOTE: giving maintainer some time to respond to email
 --
 libxml2 (Thorsten Alteholz)
-  NOTE: 20170519, patches suggested but not accepted
+  NOTE: 20170523, patches suggested but not accepted, bugs not yet public
 --
 libytnef (Thorsten Alteholz)
+  NOTE: 20170523, patches missing
 --
 linux
 --
@@ -125,7 +126,7 @@
 smb4k
 --
 swftools (Thorsten Alteholz)
-  NOTE: giving maintainer some time to respond to email
+  NOTE: one upstream fix is not yet complete
 --
 tiff
   NOTE: https://people.debian.org/~apo/tiff/tiff.debdiff


