[Secure-testing-commits] r58154 - in data: . DLA
Markus Koschany
apo at moszumanska.debian.org
Thu Nov 30 20:51:27 UTC 2017
Author: apo
Date: 2017-11-30 20:51:27 +0000 (Thu, 30 Nov 2017)
New Revision: 58154
Modified:
data/DLA/list
data/dla-needed.txt
Log:
Reserve DLA-1197-1 for sox
Modified: data/DLA/list
===================================================================
--- data/DLA/list 2017-11-30 19:54:09 UTC (rev 58153)
+++ data/DLA/list 2017-11-30 20:51:27 UTC (rev 58154)
@@ -1,3 +1,6 @@
+[30 Nov 2017] DLA-1197-1 sox - security update
+ {CVE-2017-11332 CVE-2017-11358 CVE-2017-11359 CVE-2017-15370 CVE-2017-15371}
+ [wheezy] - sox 14.4.0-3+deb7u2
[30 Nov 2017] DLA-1196-1 optipng - security update
{CVE-2017-16938}
[wheezy] - optipng 0.6.4-1+deb7u4
Modified: data/dla-needed.txt
===================================================================
--- data/dla-needed.txt 2017-11-30 19:54:09 UTC (rev 58153)
+++ data/dla-needed.txt 2017-11-30 20:51:27 UTC (rev 58154)
@@ -82,15 +82,6 @@
NOTE: 2017-09-04: Maintainer will handle this.
NOTE: https://lists.debian.org/debian-lts/2017/09/msg00010.html
--
-sox (Markus Koschany)
- NOTE: No patches. Contacted upstream. Waiting for feedback
- NOTE: > 12% of sponsors use sox hence I have decided to add it here.
- NOTE: https://sourceforge.net/p/sox/bugs/296/
- NOTE: 2017-09-01: pinged upstream (Markus)
- NOTE: please check https://bugs.debian.org/882236 too (but please note that
- NOTE: the CVE is specifically assigned for libvorbis, so do not reuse the
- NOTE: CVE when applying the fix)
---
suricata
NOTE: 2017-10-27: At a quick glance, I can't see that this is vulnerable. --lamby
--
More information about the Secure-testing-commits
mailing list