[Git][security-tracker-team/security-tracker][master] Reserve DLA-2553-1 for xcftools

Markus Koschany apo at debian.org
Tue Feb 9 22:48:54 GMT 2021 


Markus Koschany pushed to branch master at Debian Security Tracker / security-tracker


Commits:
695d51fe by Markus Koschany at 2021-02-09T23:48:48+01:00
Reserve DLA-2553-1 for xcftools

- - - - -


2 changed files:

- data/DLA/list
- data/dla-needed.txt


Changes:

=====================================
data/DLA/list
=====================================
@@ -1,3 +1,6 @@
+[09 Feb 2021] DLA-2553-1 xcftools - security update
+	{CVE-2019-5086 CVE-2019-5087}
+	[stretch] - xcftools 1.0.7-6+deb9u1
 [09 Feb 2021] DLA-2552-1 connman - security update
 	{CVE-2021-26675 CVE-2021-26676}
 	[stretch] - connman 1.33-3+deb9u2


=====================================
data/dla-needed.txt
=====================================
@@ -95,13 +95,5 @@ spotweb
 --
 wpa (Thorsten Alteholz)
 --
-xcftools (Markus Koschany)
-  NOTE: 20200111: wrote a patch + reproducer for CVE-2019-5086, waiting for upstream review (hle)
-  NOTE: 20200414: Flurry of activity on/around 20200401 essentially rejecting original patch
-  NOTE: 20200414: from 20200111 as incomplete, but with suggestion on improvement. (lamby)
-  NOTE: 20200517: work is ongoing. (gladk)
-  NOTE: 20200523: Proposed fix https://github.com/j-jorge/xcftools/pull/15 (gladk)
-  NOTE: 20200605: Patch https://salsa.debian.org/lts-team/packages/xcftools/-/blob/fix/test-CVE-2019-5087/debian/patches/CVE-2019-5087.patch (gladk)
---
 xmlbeans (Roberto C. Sánchez)
 --



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/695d51fe509cea6a15c1c90d2945d4ac2fda9af3

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/695d51fe509cea6a15c1c90d2945d4ac2fda9af3
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20210209/713346e0/attachment-0001.html>

More information about the debian-security-tracker-commits mailing list