[Secure-testing-commits] r57682 - data
Hugo Lefeuvre
hle at moszumanska.debian.org
Thu Nov 16 16:47:58 UTC 2017
Author: hle
Date: 2017-11-16 16:47:58 +0000 (Thu, 16 Nov 2017)
New Revision: 57682
Modified:
data/dla-needed.txt
Log:
Update lame, libav and ming entries in dla-needed.
Modified: data/dla-needed.txt
===================================================================
--- data/dla-needed.txt 2017-11-16 13:34:51 UTC (rev 57681)
+++ data/dla-needed.txt 2017-11-16 16:47:58 UTC (rev 57682)
@@ -22,11 +22,13 @@
NOTE: 20171031: No details available. Asked upstream for clarification.
--
lame (Hugo Lefeuvre)
- NOTE: Couldn't reproduce CVE-2017-{69-72}. Wait for next upstream release 3.100 ?
- NOTE: https://lists.debian.org/debian-lts/2017/09/msg00082.html
+ NOTE: Couldn't reproduce CVE-2017-{69-72}, but successfully reproduced CVE-2017-150{18,45,46}
+ NOTE: 20171116: 3.100 available: check with the security team whether a backport is possible or not
+ NOTE: (since Stretch isn't affected by these issues they are probably not going to accept
+ NOTE: a backport to Stretch, which will therefore make a backport to Jessie/Wheezy impossible).
--
libav (Hugo Lefeuvre)
- NOTE: Diego Biurrun (from the libav team) is working on patches.
+ NOTE: 20171116: Diego Biurrun (from the libav team) is working on patches.
--
libextractor
NOTE: not all patches available, so didn't bothered maintainer yet
@@ -56,7 +58,7 @@
linux
--
ming (Hugo Lefeuvre)
- NOTE: 20171014: wip, currently working on it with upstream, might take a while
+ NOTE: 20171116: wip, currently working on it with upstream, might take a while
--
mp3gain
NOTE: Successfully reproduced CVE-2017-144{09, 07} but couldn't reproduce CVE-2017-144{06, 08, 10, 11, 12} (valgrind in Wheezy, gcc+asan in Jessie).
More information about the Secure-testing-commits
mailing list