[Git][security-tracker-team/security-tracker][master] dla-needed: update notes for clamav, python-reportlab and xcftools

Hugo Lefeuvre hle at debian.org
Mon Jan 27 11:03:58 GMT 2020 


Hugo Lefeuvre pushed to branch master at Debian Security Tracker / security-tracker


Commits:
99c3bff4 by Hugo Lefeuvre at 2020-01-27T12:03:36+01:00
dla-needed: update notes for clamav, python-reportlab and xcftools

- - - - -


1 changed file:

- data/dla-needed.txt


Changes:

=====================================
data/dla-needed.txt
=====================================
@@ -12,8 +12,8 @@ https://wiki.debian.org/LTS/Development#Triage_new_security_issues
 --
 cacti (Chris Lamb)
 --
-clamav
-  NOTE: 20200111: waiting for 0.102.1 to enter stretch/buster.
+clamav (Hugo Lefeuvre)
+  NOTE: 20200127: waiting for 0.102.1 to enter stretch/buster.
   NOTE: 0.102.* introduces a fair amount of ABI changes, and the migration
   NOTE: does not seem very smooth from the perspective of users. The release
   NOTE: team would like to wait for an init script for the new clamonacc
@@ -84,8 +84,8 @@ openjpeg2 (Mike Gabriel)
 --
 python-pysaml2 (Abhijith PA)
 --
-python-reportlab
-  NOTE: 20200111: still no upstream fix
+python-reportlab (Hugo Lefeuvre)
+  NOTE: 20200127: upstream fix was published, but potentially unsuitable. currently investigating.
 --
 qemu (Utkarsh Gupta)
   NOTE: 20200118: embedded libslirp in qemu/jessie is affected. (sunweaver)
@@ -139,10 +139,11 @@ wordpress
   NOTE: 20200118: Maybe affected, needs deeper triaging, no obvious commits
   NOTE: 20200118: referenced upstream. (sunweaver)
 --
-xcftools
+xcftools (Hugo Lefeuvre)
   NOTE: 20200111: wrote a patch + reproducer for CVE-2019-5086, waiting for review.
   NOTE: but I might just not receive any review any time soon, so I will now attempt to
   NOTE: fix the second issue and move on with the update.
+  NOTE: 20200127: ongoing
 --
 xen
 --



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/99c3bff48a352fa3fdd78da34a262da0fd6088eb

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/99c3bff48a352fa3fdd78da34a262da0fd6088eb
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20200127/3188fef3/attachment-0001.html>

More information about the debian-security-tracker-commits mailing list