[Secure-testing-commits] r57400 - in data: . DLA
Markus Koschany
apo at moszumanska.debian.org
Tue Nov 7 11:36:21 UTC 2017
Author: apo
Date: 2017-11-07 11:36:21 +0000 (Tue, 07 Nov 2017)
New Revision: 57400
Modified:
data/DLA/list
data/dla-needed.txt
Log:
Reserve DLA-1164-1 for mupdf
Modified: data/DLA/list
===================================================================
--- data/DLA/list 2017-11-07 10:20:25 UTC (rev 57399)
+++ data/DLA/list 2017-11-07 11:36:21 UTC (rev 57400)
@@ -1,3 +1,6 @@
+[07 Nov 2017] DLA-1164-1 mupdf - security update
+ {CVE-2017-14687 CVE-2017-15587}
+ [wheezy] - mupdf 0.9-2+deb7u4
[06 Nov 2017] DLA-1163-1 apr-util - security update
{CVE-2017-12618}
[wheezy] - apr-util 1.4.1-3+deb7u1
Modified: data/dla-needed.txt
===================================================================
--- data/dla-needed.txt 2017-11-07 10:20:25 UTC (rev 57399)
+++ data/dla-needed.txt 2017-11-07 11:36:21 UTC (rev 57400)
@@ -63,10 +63,6 @@
NOTE: For CVE-2017-14409, https://security-tracker.debian.org/tracker/CVE-2017-9872 might be of interest, files are very similar
NOTE: adapting/writing patches seems to be very time consuming, mp3gain is dead upstream so this might be a candidate for no-dsa -- Hugo Lefeuvre
--
-mupdf (Markus Koschany)
- NOTE: signedness checks in xps_read_zip_dir are missing (CVE-2017-14686)
- NOTE: and xml_tag doesn't do a NULL check (CVE-2017-14687)
---
mysql-connector-python
NOTE: 20170927: Wait for more issues (see ML: https://lists.debian.org/debian-lts/2017/08/msg00039.html) -- Hugo Lefeuvre
--
More information about the Secure-testing-commits
mailing list