Thanks Ola.

Emilio, can you confirm your latest upload also addresses CVE-2019-2697?

It's MITRE page points to:
https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html
"Mateusz Jurczyk of Google Project Zero: CVE-2019-2697, CVE-2019-2698"

which also references CVE-2019-2698, which DLA-1782-1 addressed.
So it is likely that this is an oversight in data/CVE/list, as the
upload was a new upstream version (i.e. not cherry-picking).

Cheers!
Sylvain

On 13/05/2019 17:00, Ola Lundqvist wrote:
> Hi Sylvain
>
> It was meant to consider CVE-2019-2697.
> I do not know anything about re-consider this CVE as nothing has been
> noted to that CVE that it has been ignored or should be treated in
> some other way.
>
> // Ola 
>
> On Mon, 13 May 2019 at 10:57, Sylvain Beucler <b...@beuc.net
> <mailto:b...@beuc.net>> wrote:
>
>     Hi,
>
>     openjdk-7 is back in dla-needed.txt with the commit message "Sounds
>     serious enough".
>     However it was re-added the day after DLA-1782-1 and there's no
>     new CVE
>     since.
>
>     Was it an oversight, or was it meant to reconsider
>     https://security-tracker.debian.org/tracker/CVE-2019-2697 which wasn't
>     addressed by that DLA?
>
>     Cheers!
>     Sylvain
>
>
>
> -- 
>  --- Inguza Technology AB --- MSc in Information Technology ----
> |  o...@inguza.com <mailto:o...@inguza.com>                 
>   o...@debian.org <mailto:o...@debian.org>            |
> |  http://inguza.com/                Mobile: +46 (0)70-332 1551 |
>  ---------------------------------------------------------------
>

Reply via email to