[Git][security-tracker-team/security-tracker][master] Reserve DLA-1630-1 for libav

Mon Jan 7 20:15:09 GMT 2019

Markus Koschany pushed to branch master at Debian Security Tracker / security-tracker


Commits:
5f4e184b by Markus Koschany at 2019-01-07T20:14:58Z
Reserve DLA-1630-1 for libav

- - - - -


2 changed files:

- data/DLA/list
- data/dla-needed.txt


Changes:

=====================================
data/DLA/list
=====================================
@@ -1,3 +1,6 @@
+[07 Jan 2019] DLA-1630-1 libav - security update
+	{CVE-2017-9993 CVE-2017-9994 CVE-2017-14055 CVE-2017-14056 CVE-2017-14057 CVE-2017-14170 CVE-2017-14171 CVE-2017-14767 CVE-2017-15672 CVE-2017-17130 CVE-2018-6621 CVE-2018-7557 CVE-2018-14394 CVE-2018-1999010}
+	[jessie] - libav 6:11.12-1~deb8u4
 [06 Jan 2019] DLA-1629-1 python-django - security update
 	{CVE-2019-3498}
 	[jessie] - python-django 1.7.11-1+deb8u4


=====================================
data/dla-needed.txt
=====================================
@@ -57,21 +57,6 @@ imagemagick
 krb5 (Thorsten Alteholz)
   NOTE: 20181230: probably some no-dsa should be fixed
 --
-libav (Markus Koschany, Mike Gabriel)
-  NOTE: 20181129: More than one contributor can work on libav at the same time.
-  NOTE: 20181129: First priority should be to find more information about the
-  NOTE: 20181129: "undetermined" issues. Then we can decide what CVE should be fixed ASAP.
-  NOTE: 20181130: Adding my self as co-worker. Coordination of CVEs to be worked on: IRC
-  NOTE: 20181130: #debian-lts.
-  NOTE: 20181130: CVE-2016-5115: patch unavailable (needs revisiting), issue reproducible, no-dsa (needs revisiting)
-  NOTE: 20181206: CVE-2016-9823: no patch available, PoC available (needs testing), currently <no-dsa>
-  NOTE: 20181206: CVE-2016-9824: no patch available, PoC available (needs testing), currently <no-dsa>
-  NOTE: 20181206: CVE-2016-9825: no patch available, PoC available (needs testing), currently <ignored>
-  NOTE: 20181206: CVE-2016-9826: no patch available, PoC available (needs testing), currently <ignored>
-  NOTE: 20181220: All CVEs from 2015 and 2016 that have been +/- "easily" addressable have been uploaded (+deb8u3).
-  NOTE: 20181220: Markus Koschany will now work on CVEs from 2017 and 2018 at the end of December.
-  NOTE: 20181220: Then, in January, we will see what's left and if anything else is "easily" doable.
----
 libcaca (Markus Koschany)
 --
 libraw (Abhijith PA)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/5f4e184be8f6c2f98bba87b247aec89ceaf26ac4

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/5f4e184be8f6c2f98bba87b247aec89ceaf26ac4
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20190107/73bb5421/attachment-0001.html>
