Author: bam Date: 2017-11-06 04:39:52 +0000 (Mon, 06 Nov 2017) New Revision: 57356
Modified: data/CVE/list data/dla-needed.txt Log: Mark pngcrush no-DSA It is already no-DSA for Stretch and Jessie. Modified: data/CVE/list =================================================================== --- data/CVE/list 2017-11-06 04:26:08 UTC (rev 57355) +++ data/CVE/list 2017-11-06 04:39:52 UTC (rev 57356) @@ -81325,6 +81325,7 @@ - pngcrush <unfixed> (bug #874109) [stretch] - pngcrush <no-dsa> (Minor issue) [jessie] - pngcrush <no-dsa> (Minor issue) + [wheezy] - pngcrush <no-dsa> (Minor issue) NOTE: http://sourceforge.net/p/pmt/code/ci/e8ae5a842e86324f0bee91f4d98245fddb8ea5dd (1.7.87) CVE-2015-7697 (Info-ZIP UnZip 6.0 allows remote attackers to cause a denial of ...) {DSA-3386-1 DLA-330-1} Modified: data/dla-needed.txt =================================================================== --- data/dla-needed.txt 2017-11-06 04:26:08 UTC (rev 57355) +++ data/dla-needed.txt 2017-11-06 04:39:52 UTC (rev 57356) @@ -79,10 +79,6 @@ NOTE: I assume Kurt Roeckx will take care of it again. NOTE: 1.0.1t-1+deb7u3 by Kurt Roeckx, DLA number already reserved, but upload missing -- -pngcrush - NOTE: CVE-2015-7700: the problematic call to png_free_data() is present - NOTE: in wheezy but it's not clear to me where the other call to free() is. --- poppler (Emilio Pozuelo) NOTE: not fixed in sid yet so did not ping maintainer NOTE: drawForm is doForm1 in wheezy _______________________________________________ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits