Author: pochu Date: 2017-09-23 10:31:52 +0000 (Sat, 23 Sep 2017) New Revision: 56046
Modified: data/CVE/list data/dla-needed.txt Log: follow stretch/jessie and mark remaining fontforge issues as no-dsa for wheezy Modified: data/CVE/list =================================================================== --- data/CVE/list 2017-09-23 10:16:29 UTC (rev 56045) +++ data/CVE/list 2017-09-23 10:31:52 UTC (rev 56046) @@ -8640,6 +8640,7 @@ - fontforge <unfixed> (low; bug #873588) [stretch] - fontforge <no-dsa> (Minor issue) [jessie] - fontforge <no-dsa> (Minor issue) + [wheezy] - fontforge <no-dsa> (Minor issue) NOTE: https://github.com/fontforge/fontforge/issues/3098 CVE-2017-11572 (FontForge 20161012 is vulnerable to a heap-based buffer over-read in ...) {DSA-3958-1 DLA-1065-1} @@ -8654,6 +8655,7 @@ - fontforge <unfixed> (low; bug #873587) [stretch] - fontforge <no-dsa> (Minor issue) [jessie] - fontforge <no-dsa> (Minor issue) + [wheezy] - fontforge <no-dsa> (Minor issue) NOTE: https://github.com/fontforge/fontforge/issues/3097 CVE-2017-11569 (FontForge 20161012 is vulnerable to a heap-based buffer over-read in ...) {DSA-3958-1 DLA-1065-1} Modified: data/dla-needed.txt =================================================================== --- data/dla-needed.txt 2017-09-23 10:16:29 UTC (rev 56045) +++ data/dla-needed.txt 2017-09-23 10:31:52 UTC (rev 56046) @@ -44,9 +44,6 @@ exiv2 (Raphaƫl Hertzog) NOTE: 20170702, no upstream fix yet, so no need to bother maintainer yet, sent email later -- -fontforge (Emilio Pozuelo) - NOTE: 20170826: no upstream fix yet --- git-annex NOTE: The upstream patch modifies some ssh modules that are not present in NOTE: wheezy version. I cannot reproduce it, needs to find a way to check _______________________________________________ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits