Author: agx
Date: 2017-11-20 15:54:54 +0000 (Mon, 20 Nov 2017)
New Revision: 57854
Modified:
data/dla-needed.txt
Log:
lts: update vorbis status
Modified: data/dla-needed.txt
===================================================================
--- data/dla-needed.txt 2017-11-20 15:08:38 UTC (rev 57853)
+++ data/dla-needed.txt 2017-11-20 15:54:54 UTC (rev 57854)
@@ -22,7 +22,7 @@
NOTE: 20171031: No details available. Asked upstream for clarification.
--
lame (Hugo Lefeuvre)
- NOTE: Couldn't reproduce CVE-2017-{69-72}, but successfully reproduced
CVE-2017-150{18,45,46}
+ NOTE: Couldn't reproduce CVE-2017-{69-72}, but successfully reproduced
CVE-2017-150{18,45,46}
NOTE: 20171120: Backporting 3.100 is not conceivable, diff >40k lines.
NOTE: Instead, lame's maintainer will switch jessie to also use libsndfile
in the next Jessie
NOTE: point update, simply forward the changes to Wheezy (this should fix
almost all open CVEs).
@@ -49,9 +49,9 @@
NOTE: there are some new CVEs now as well
--
libvorbis (Guido Günther)
- NOTE: 20170829: no fix available yet
- NOTE: Fixes for most of the issues submitted upstream to libvorbis, sox,
- NOTE: awaiting feedback
+ NOTE: 20171120: Fixes for issues submitted upstream to libvorbis,
+ NOTE: theora and sox. Awaiting feedback. Underlying reason for CVE-2017-14160
+ NOTE: unclear.
--
libxml2 (Thorsten Alteholz)
NOTE: bugfix needs confirmation by upstream
_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
