[Git][security-tracker-team/security-tracker][master] dla-needed: update notes on my claimed packages

Hugo Lefeuvre hle at debian.org
Sat Jan 11 08:35:29 GMT 2020



Hugo Lefeuvre pushed to branch master at Debian Security Tracker / security-tracker


Commits:
74653fcd by Hugo Lefeuvre at 2020-01-11T09:35:18+01:00
dla-needed: update notes on my claimed packages

- - - - -


1 changed file:

- data/dla-needed.txt


Changes:

=====================================
data/dla-needed.txt
=====================================
@@ -18,7 +18,11 @@ ansible
 apache-log4j1.2 (Markus Koschany)
 --
 clamav (Hugo Lefeuvre)
-  NOTE: 20191227: waiting for 0.102.1 to enter stretch/buster.
+  NOTE: 20200111: waiting for 0.102.1 to enter stretch/buster.
+  NOTE: 0.102.* introduces a fair amount of ABI changes, and the migration
+  NOTE: does not seem very smooth from the perspective of users. The release
+  NOTE: team would like to wait for an init script for the new clamonacc
+  NOTE: binary, see https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=946557
 --
 gpac
   NOTE: 20200105: All open issues are unfixed. Adding it here for future
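Review bot: The four added continuation lines under clamav, from "NOTE: 0.102.* introduces" through the bug link, carry no date, unlike the "NOTE: 20200111:" line above them. Once further notes are appended it will not be clear when the ABI and clamonacc observations were made. Prefix each of them with 20200111: or fold them into the dated line.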
@@ -43,6 +47,8 @@ libexif (Hugo Lefeuvre)
   NOTE: 20191201: Pinged the upstream yet again. (utkarsh2102)
   NOTE: 20191216: The android patch does not apply but is easy to manually apply. (ola)
   NOTE: 20191216: The problem is the file to trigger the fault is not known. (ola)
+  NOTE: 20200111: Investigated the issue, currently in contact with Ray Essick @google
+  NOTE: 20200111: to get access to the reproducer. (hle)
 --
 libjackson-json-java (Adrian Bunk)
   NOTE: 20191230: work is ongoing
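Review bot: "Investigated the issue" in the first added libexif line does not say which issue is meant; the surrounding notes mention an android patch and an unknown trigger file but give no identifier either. Name the CVE or bug number here so the reproducer request can be matched to it later.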
@@ -78,7 +84,7 @@ opendmarc (Thorsten Alteholz)
   NOTE: 20200105: still testing package, original patch does not seem to be enough, still ongoing
 --
 python-reportlab (Hugo Lefeuvre)
-  NOTE: 20191227: still no upstream fix
+  NOTE: 20200111: still no upstream fix
 --
 radare2
   NOTE: 20190816: Affected by CVE-2019-14745. Vulnerable code is in
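Review bot: On the python-reportlab line the date is rewritten in place from 20191227 to 20200111, which drops the record that the fix was already missing at the earlier check. Appending a new dated line, as the libexif entry does with its 20191201 and 20191216 notes, keeps that history. A link to the upstream report would also let the next person check the status directly.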
@@ -128,7 +134,9 @@ x2goclient
   NOTE: 20191221: https://code.x2go.org/gitweb?p=x2goclient.git;a=commitdiff;h=ce559d1
 --
 xcftools (Hugo Lefeuvre)
-  NOTE: wrote a patch + reproducer for CVE-2019-5086, waiting for review.
+  NOTE: 20200111: wrote a patch + reproducer for CVE-2019-5086, waiting for review.
+  NOTE: but I might just not receive any review any time soon, so I will now attempt to
+  NOTE: fix the second issue and move on with the update.
 --
 xen
 --
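Review bot: "the second issue" in the last added xcftools line is not identified, while the first one is named as CVE-2019-5086; add its CVE or bug number so it is clear what remains open for the update. A pointer to where the CVE-2019-5086 patch and reproducer are waiting for review would help anyone picking this entry up.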



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/74653fcd9093a37d7a28b1ccef8adfd03551fd44
