[Secure-testing-commits] r56046 - in data: . CVE
Emilio Pozuelo Monfort
pochu at moszumanska.debian.org
Sat Sep 23 10:31:53 UTC 2017
Author: pochu
Date: 2017-09-23 10:31:52 +0000 (Sat, 23 Sep 2017)
New Revision: 56046
Modified:
data/CVE/list
data/dla-needed.txt
Log:
follow stretch/jessie and mark remaining fontforge issues as no-dsa for wheezy
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2017-09-23 10:16:29 UTC (rev 56045)
+++ data/CVE/list 2017-09-23 10:31:52 UTC (rev 56046)
@@ -8640,6 +8640,7 @@
- fontforge <unfixed> (low; bug #873588)
[stretch] - fontforge <no-dsa> (Minor issue)
[jessie] - fontforge <no-dsa> (Minor issue)
+ [wheezy] - fontforge <no-dsa> (Minor issue)
NOTE: https://github.com/fontforge/fontforge/issues/3098
CVE-2017-11572 (FontForge 20161012 is vulnerable to a heap-based buffer over-read in ...)
{DSA-3958-1 DLA-1065-1}
@@ -8654,6 +8655,7 @@
- fontforge <unfixed> (low; bug #873587)
[stretch] - fontforge <no-dsa> (Minor issue)
[jessie] - fontforge <no-dsa> (Minor issue)
+ [wheezy] - fontforge <no-dsa> (Minor issue)
NOTE: https://github.com/fontforge/fontforge/issues/3097
CVE-2017-11569 (FontForge 20161012 is vulnerable to a heap-based buffer over-read in ...)
{DSA-3958-1 DLA-1065-1}
Modified: data/dla-needed.txt
===================================================================
--- data/dla-needed.txt 2017-09-23 10:16:29 UTC (rev 56045)
+++ data/dla-needed.txt 2017-09-23 10:31:52 UTC (rev 56046)
@@ -44,9 +44,6 @@
exiv2 (Raphaël Hertzog)
NOTE: 20170702, no upstream fix yet, so no need to bother maintainer yet, sent email later
--
-fontforge (Emilio Pozuelo)
- NOTE: 20170826: no upstream fix yet
---
git-annex
NOTE: The upstream patch modifies some ssh modules that are not present in
NOTE: wheezy version. I cannot reproduce it, needs to find a way to check
More information about the Secure-testing-commits
mailing list