[Git][security-tracker-team/security-tracker][master] dla-needed: remove pound

Mon Jul 22 23:21:23 BST 2019


Hugo Lefeuvre pushed to branch master at Debian Security Tracker / security-tracker


Commits:
d70271c3 by Hugo Lefeuvre at 2019-07-22T22:14:51Z
dla-needed: remove pound

I don't know exactly why pound was added to dla-needed. It was triaged
no-dsa a long while ago, and I have no reasons to believe that we should
spend more time on it.

CVE-2016-10711 is not a critical issue. It might only have an impact in
complex attacks chaining vulnerabilities in other software. The patch is
not trivial. Better alternatives exist (pound was removed from testing
quite recently, see #891248).

- - - - -


1 changed file:

- data/dla-needed.txt


Changes:

=====================================
data/dla-needed.txt
=====================================
@@ -85,11 +85,6 @@ patch (Thorsten Alteholz)
 --
 php5
 --
-pound (Hugo Lefeuvre)
-  NOTE: 20190715: https://salsa.debian.org/debian/pound/blob/jessie/debian/patches/0009-CVE-2016-1071.patch
-  NOTE: check, not sure why this is still in dla-needed since the only issue was triaged no-dsa in
-  NOTE: jessie (hle)
---
 proftpd-dfsg (Markus Koschany)
 --
 python2.7 (Thorsten Alteholz)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/d70271c392429129f32a46d658d11e3a63116eb6

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/d70271c392429129f32a46d658d11e3a63116eb6
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20190722/166adadc/attachment-0001.html>
