[Secure-testing-commits] r57356 - in data: . CVE
Brian May
bam at moszumanska.debian.org
Mon Nov 6 04:39:52 UTC 2017
Author: bam
Date: 2017-11-06 04:39:52 +0000 (Mon, 06 Nov 2017)
New Revision: 57356
Modified:
data/CVE/list
data/dla-needed.txt
Log:
Mark pngcrush no-DSA
It is already no-DSA for Stretch and Jessie.
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2017-11-06 04:26:08 UTC (rev 57355)
+++ data/CVE/list 2017-11-06 04:39:52 UTC (rev 57356)
@@ -81325,6 +81325,7 @@
- pngcrush <unfixed> (bug #874109)
[stretch] - pngcrush <no-dsa> (Minor issue)
[jessie] - pngcrush <no-dsa> (Minor issue)
+ [wheezy] - pngcrush <no-dsa> (Minor issue)
NOTE: http://sourceforge.net/p/pmt/code/ci/e8ae5a842e86324f0bee91f4d98245fddb8ea5dd (1.7.87)
CVE-2015-7697 (Info-ZIP UnZip 6.0 allows remote attackers to cause a denial of ...)
{DSA-3386-1 DLA-330-1}
Modified: data/dla-needed.txt
===================================================================
--- data/dla-needed.txt 2017-11-06 04:26:08 UTC (rev 57355)
+++ data/dla-needed.txt 2017-11-06 04:39:52 UTC (rev 57356)
@@ -79,10 +79,6 @@
NOTE: I assume Kurt Roeckx will take care of it again.
NOTE: 1.0.1t-1+deb7u3 by Kurt Roeckx, DLA number already reserved, but upload missing
--
-pngcrush
- NOTE: CVE-2015-7700: the problematic call to png_free_data() is present
- NOTE: in wheezy but it's not clear to me where the other call to free() is.
---
poppler (Emilio Pozuelo)
NOTE: not fixed in sid yet so did not ping maintainer
NOTE: drawForm is doForm1 in wheezy
More information about the Secure-testing-commits
mailing list