[Secure-testing-commits] r55554 - data
Hugo Lefeuvre
hle at moszumanska.debian.org
Thu Sep 7 19:57:46 UTC 2017
Author: hle
Date: 2017-09-07 19:57:46 +0000 (Thu, 07 Sep 2017)
New Revision: 55554
Modified:
data/dla-needed.txt
Log:
update lame entry in dla-needed
Modified: data/dla-needed.txt
===================================================================
--- data/dla-needed.txt 2017-09-07 19:49:24 UTC (rev 55553)
+++ data/dla-needed.txt 2017-09-07 19:57:46 UTC (rev 55554)
@@ -77,11 +77,9 @@
NOTE: 20170813: still no patch available yet
--
lame (Hugo Lefeuvre)
- NOTE: 20170831: no patch yet, CVE-2017-{69-72} not reproducible.
- NOTE: Contacted original reporter to get more informations about build conditions:
- NOTE: https://blogs.gentoo.org/ago/2017/06/17/lame-stack-based-buffer-overflow-in-iii_i_stereo-layer3-c/
- NOTE: Opened bug reports on upstream's bug tracker: https://sourceforge.net/p/lame/bugs/475/
- NOTE: Patch is available for CVE-2017-13712, but wait for more infos about CVE-2017-{69-72}
+ NOTE: 20170907: Upstream claims to have reproduced and fixed CVE-2017-{69-72}. asan outputs
+ NOTE: are not exactly identical, wait for more infos.
+ NOTE: Patch is available for CVE-2017-13712, but wait for CVE-2017-{69-72}
--
ledger
NOTE: The maintainer will not do an update.
More information about the Secure-testing-commits
mailing list