Author: pochu
Date: 2017-09-23 10:31:52 +0000 (Sat, 23 Sep 2017)
New Revision: 56046
Modified:
data/CVE/list
data/dla-needed.txt
Log:
follow stretch/jessie and mark remaining fontforge issues as no-dsa for wheezy
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2017-09-23 10:16:29 UTC (rev 56045)
+++ data/CVE/list 2017-09-23 10:31:52 UTC (rev 56046)
@@ -8640,6 +8640,7 @@
- fontforge <unfixed> (low; bug #873588)
[stretch] - fontforge <no-dsa> (Minor issue)
[jessie] - fontforge <no-dsa> (Minor issue)
+ [wheezy] - fontforge <no-dsa> (Minor issue)
NOTE: https://github.com/fontforge/fontforge/issues/3098
CVE-2017-11572 (FontForge 20161012 is vulnerable to a heap-based buffer
over-read in ...)
{DSA-3958-1 DLA-1065-1}
@@ -8654,6 +8655,7 @@
- fontforge <unfixed> (low; bug #873587)
[stretch] - fontforge <no-dsa> (Minor issue)
[jessie] - fontforge <no-dsa> (Minor issue)
+ [wheezy] - fontforge <no-dsa> (Minor issue)
NOTE: https://github.com/fontforge/fontforge/issues/3097
CVE-2017-11569 (FontForge 20161012 is vulnerable to a heap-based buffer
over-read in ...)
{DSA-3958-1 DLA-1065-1}
Modified: data/dla-needed.txt
===================================================================
--- data/dla-needed.txt 2017-09-23 10:16:29 UTC (rev 56045)
+++ data/dla-needed.txt 2017-09-23 10:31:52 UTC (rev 56046)
@@ -44,9 +44,6 @@
exiv2 (Raphaƫl Hertzog)
NOTE: 20170702, no upstream fix yet, so no need to bother maintainer yet,
sent email later
--
-fontforge (Emilio Pozuelo)
- NOTE: 20170826: no upstream fix yet
---
git-annex
NOTE: The upstream patch modifies some ssh modules that are not present in
NOTE: wheezy version. I cannot reproduce it, needs to find a way to check
_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
