Chris Lamb pushed to branch master at Debian Security Tracker / security-tracker
Commits: 30fd584b by Chris Lamb at 2018-04-15T22:02:37+01:00 data/dla-needed.txt: Add some missing dates/names in comments. - - - - - 1 changed file: - data/dla-needed.txt Changes: ===================================== data/dla-needed.txt ===================================== --- a/data/dla-needed.txt +++ b/data/dla-needed.txt @@ -13,33 +13,38 @@ https://wiki.debian.org/LTS/Development#Triage_new_security_issues apache2 (Roberto C. Sánchez) -- calibre - NOTE: 20180321: Instead of replacing pickle with json, maybe disable bookmarking - NOTE: 20180321: completely and invest the time to fix the Jessie version instead? + NOTE: 20180321: Instead of replacing pickle with json, maybe disable bookmarking (apo) + NOTE: 20180321: completely and invest the time to fix the Jessie version instead? (apo) -- cups - NOTE: 20180318: not clear whether patch is fine, so no email to maintainer sent + NOTE: 20180318: not clear whether patch is fine, so no email to maintainer sent (alteholz) -- firebird2.5 NOTE: 20180411: no fix available upstream for CVE-2017-11509 NOTE: 20180412: see <capv8svxahya2kssyvztahsb7fk9cfvewhsuo5qhdxvr3uf2...@mail.gmail.com> (lamby) -- gcc-4.6 (Roberto C. Sánchez) - NOTE: 20180215: Backport the retpoline support for spectre mitigation. - NOTE: 20180215: Coordinate with jmm who started the work for gcc-4.9 in jessie. + NOTE: 20180215: Backport the retpoline support for spectre mitigation. (buxy) + NOTE: 20180215: Coordinate with jmm who started the work for gcc-4.9 in jessie. (buxy) NOTE: 20180215: This gcc version is used by the kernel build. Its update is - NOTE: 20180215: thus more important than the one of gcc-4.7. + NOTE: 20180215: thus more important than the one of gcc-4.7. (buxy) -- gcc-4.7 (Roberto C. Sánchez) - NOTE: Backport the retpoline support for spectre mitigation. - NOTE: Do we want/need it on this gcc version as well? + NOTE: 20180215: Backport the retpoline support for spectre mitigation. (buxy) + NOTE: 20180215: Do we want/need it on this gcc version as well? (buxy) -- +<<<<<<< HEAD jruby (Markus Koschany) NOTE: see rubygems/ruby1.9.1 +======= +jruby + NOTE: 20180411: see rubygems/ruby1.9.1 (anarcat) +>>>>>>> data/dla-needed.txt: Add some missing dates/names in comments. -- krb5 - NOTE: lts-do-not-call - NOTE: Details not public yet. Security team in contact with upstream. - NOTE: See also https://lists.debian.org/msgid-search/20180208212643.GB7792@pisco.westfalen.local + NOTE: 20180131: lts-do-not-call + NOTE: 20180411: Details not public yet. Security team in contact with upstream. (anarcat) + NOTE: 20180411: See also https://lists.debian.org/msgid-search/20180208212643.GB7792@pisco.westfalen.local (anarcat) -- lame (Hugo Lefeuvre) NOTE: 20180317: Patch available and tested. However I am probably not going to upload it since the security team is not @@ -54,8 +59,8 @@ libav (Hugo Lefeuvre) libmad (Kurt Roeckx) -- libvorbis - NOTE: Underlying reason for CVE-2017-14160 yet unclear, no upstream feedback on this issue. - NOTE: Fixes for other CVEs applied upstream and in sid. + NOTE: 20171229: Underlying reason for CVE-2017-14160 yet unclear, no upstream feedback on this issue. (agx) + NOTE: 20171229: Fixes for other CVEs applied upstream and in sid. (agx) -- linux -- @@ -77,19 +82,20 @@ ruby1.9.1 (Santiago R.R.) NOTE: 20180402: Also vulnerable to CVE-2018-1000074. (lamby) -- sharutils (Abhijith PA) - NOTE: 20180318: no patch available yet, so no email to maintainer sent + NOTE: 20180318: no patch available yet, so no email to maintainer sent (alteholz) -- slurm-llnl (Thorsten Alteholz) -- tiff (Hugo Lefeuvre) - NOTE: incomplete fix of CVE-2017-18013, see CVE-2018-7456. + NOTE: 20180306: incomplete fix of CVE-2017-18013, see CVE-2018-7456. -- tiff3 -- wireshark (Thorsten Alteholz) -- wordpress - NOTE: 20180217: Upstream unsure how to fix at the moment (lamby) - NOTE: 20180221: Upstream still unsure how to fix (lamby) - NOTE: 20180311: Upstream still unsure how to fix. <https://core.trac.wordpress.org/ticket/43308> (lamby) + NOTE: 20180217: Upstream unsure how to fix CVE-2018-638 at the moment (lamby) + NOTE: 20180221: Upstream still unsure how to fix CVE-2018-638 (lamby) + NOTE: 20180311: Upstream still unsure how to fix CVE-2018-638. <https://core.trac.wordpress.org/ticket/43308> (lamby) + NOTE: 20180415: (Other CVEs pending, however) (lamby) -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/30fd584b03d9a6d1922267c9291448f70f00e620 --- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/30fd584b03d9a6d1922267c9291448f70f00e620 You're receiving this email because of your account on salsa.debian.org.
_______________________________________________ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits