[Secure-testing-commits] r55365 - in data: . CVE
Raphaël Hertzog
hertzog at moszumanska.debian.org
Fri Sep 1 14:42:18 UTC 2017
Author: hertzog
Date: 2017-09-01 14:42:18 +0000 (Fri, 01 Sep 2017)
New Revision: 55365
Modified:
data/CVE/list
data/dla-needed.txt
Log:
Add libidn and libidn2-0 to dla-needed.txt
I hesitated to mark this as no-dsa but give this is about URL and that
we embed URLs everywhere, I think we should just fix this issue even if
the impact is not entirely clear.
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2017-09-01 14:40:14 UTC (rev 55364)
+++ data/CVE/list 2017-09-01 14:42:18 UTC (rev 55365)
@@ -109,6 +109,7 @@
- libidn2-0 <unfixed> (bug #873904)
[stretch] - libidn2-0 <not-affected> (Vulnerable code not present)
[jessie] - libidn2-0 <not-affected> (Vulnerable code not present)
+ [wheezy] - libidn2-0 <not-affected> (Vulnerable code not present)
- libidn <not-affected> (Vulnerable code not present)
NOTE: https://gitlab.com/libidn/libidn2/commit/16853b6973a1e72fee2b7cccda85472cb9951305
CVE-2017-14060 (In ImageMagick 7.0.6-10, a NULL Pointer Dereference issue is present in ...)
Modified: data/dla-needed.txt
===================================================================
--- data/dla-needed.txt 2017-09-01 14:40:14 UTC (rev 55364)
+++ data/dla-needed.txt 2017-09-01 14:42:18 UTC (rev 55365)
@@ -91,6 +91,10 @@
--
libgd2 (Emilio Pozuelo)
--
+libidn
+--
+libidn2-0
+--
libmad
NOTE: Kurt wants to upload in case of available patches
--
More information about the Secure-testing-commits
mailing list