[Git][security-tracker-team/security-tracker][master] Update dla-needed entries for ming, lame and libav

Hugo Lefeuvre hle at debian.org
Wed May 30 03:14:19 BST 2018 

Hugo Lefeuvre pushed to branch master at Debian Security Tracker / security-tracker


Commits:
24df9010 by Hugo Lefeuvre at 2018-05-29T22:13:25-04:00
Update dla-needed entries for ming, lame and libav

- - - - -


1 changed file:

- data/dla-needed.txt


Changes:

=====================================
data/dla-needed.txt
=====================================
--- a/data/dla-needed.txt
+++ b/data/dla-needed.txt
@@ -20,20 +20,23 @@ firefox-esr (Emilio Pozuelo)
   NOTE: 20180525: This needs some backports (llvm, rustc, cargo) which need some work.
 --
 lame (Hugo Lefeuvre)
-  NOTE: 20180515: Patch available and tested. Will coordinate with Fabian to provide Wheezy and Jessie uploads for the next Jessie point release.
+  NOTE: 20180529: Tested patch ready for upload. Waiting for feedback from the security team.
+  NOTE: See https://lists.debian.org/debian-lts/2018/05/msg00081.html
 --
 libav (Hugo Lefeuvre)
   NOTE: 20180118: Diego Biurrun (from the libav team) was working on patches, but encountered personal issues and had to stop.
   NOTE: 20180118: It is unlikely that he will start again in the next weeks.
   NOTE: 20180118: I am currently working on CVE triage but I will not be able to process the whole backlog until May.
-  NOTE: 20180118: Help is welcome, feel free to mail Hugo.
+  NOTE: 20180529: Help is welcome, feel free to mail Hugo. Still up-to-date. Help needed for CVE triage and patch development.
+  NOTE: 20180529: Just contacted some of the CVE reporters to ask for the reproducers, CC-ed team ML.
 --
 linux
 --
 ming (Hugo Lefeuvre)
-  NOTE: 20180515: wip, currently working on it with upstream. Lots of fuzzing noise,
-  NOTE: many duplicate issues. Currently working on the next upload which will fix a
-  NOTE: batch of 5-6 CVEs.
+  NOTE: 20180529: wip, currently working on it with upstream. Lots of fuzzing noise,
+  NOTE: many duplicate issues. I'm currently working on the next upload, which will fix
+  NOTE: another batch of CVEs. It will most likely not be ready until Wheezy EOL, but I
+  NOTE: will upload it for ELTS.
 --
 openjdk-7 (Emilio Pozuelo)
 --



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/24df90101ed4b03e7397c52dad82796468ebe492

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/24df90101ed4b03e7397c52dad82796468ebe492
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20180530/9759b4bf/attachment-0001.html>

More information about the debian-security-tracker-commits mailing list