[Secure-testing-commits] r57854 - data
Guido Guenther
agx at moszumanska.debian.org
Mon Nov 20 15:54:54 UTC 2017
Author: agx
Date: 2017-11-20 15:54:54 +0000 (Mon, 20 Nov 2017)
New Revision: 57854
Modified:
data/dla-needed.txt
Log:
lts: update vorbis status
Modified: data/dla-needed.txt
===================================================================
--- data/dla-needed.txt 2017-11-20 15:08:38 UTC (rev 57853)
+++ data/dla-needed.txt 2017-11-20 15:54:54 UTC (rev 57854)
@@ -22,7 +22,7 @@
NOTE: 20171031: No details available. Asked upstream for clarification.
--
lame (Hugo Lefeuvre)
- NOTE: Couldn't reproduce CVE-2017-{69-72}, but successfully reproduced CVE-2017-150{18,45,46}
+ NOTE: Couldn't reproduce CVE-2017-{69-72}, but successfully reproduced CVE-2017-150{18,45,46}
NOTE: 20171120: Backporting 3.100 is not conceivable, diff >40k lines.
NOTE: Instead, lame's maintainer will switch jessie to also use libsndfile in the next Jessie
NOTE: point update, simply forward the changes to Wheezy (this should fix almost all open CVEs).
@@ -49,9 +49,9 @@
NOTE: there are some new CVEs now as well
--
libvorbis (Guido Günther)
- NOTE: 20170829: no fix available yet
- NOTE: Fixes for most of the issues submitted upstream to libvorbis, sox,
- NOTE: awaiting feedback
+ NOTE: 20171120: Fixes for issues submitted upstream to libvorbis,
+ NOTE: theora and sox. Awaiting feedback. Underlying reason for CVE-2017-14160
+ NOTE: unclear.
--
libxml2 (Thorsten Alteholz)
NOTE: bugfix needs confirmation by upstream
More information about the Secure-testing-commits
mailing list