Author: mejo Date: 2017-04-14 17:27:46 +0000 (Fri, 14 Apr 2017) New Revision: 50676
Modified: data/dla-needed.txt Log: give back libical and putty Modified: data/dla-needed.txt =================================================================== --- data/dla-needed.txt 2017-04-14 17:01:39 UTC (rev 50675) +++ data/dla-needed.txt 2017-04-14 17:27:46 UTC (rev 50676) @@ -36,9 +36,11 @@ NOTE: Upstream should provide new point-releases fixing open security issues in the next months. NOTE: Lots of CVEs are open, this is going to take some time. (See debian-lts ML) -- -libical (Jonas Meurer) +libical NOTE: No known solution as of 2017-01-16. NOTE: Pinged on 2017-02-06 https://github.com/libical/libical/issues/253#issuecomment-277580552 (lamby) + NOTE: Unclear, which reproducer belongs to which bug. + -- libplist NOTE: 20170324: more information needed for open CVEs. @@ -91,7 +93,11 @@ NOTE: Upstream is not going to fix CVE-2016-8686 since it believes it is not NOTE: a bug (see #843861). -- -putty (Jonas Meurer) +putty + NOTE: 2017-04-14: CVE-2017-6542 is only exploitable by a malicious server + NOTE: with SSH agent forwarding enabled. In this case, the client is in + NOTE: serious problem anyway. Backporting the fix is non-trivial. Asked the + NOTE: putty maintainer for help/advice, but no response yet. -- Jonas Meurer -- qbittorrent (Thorsten Alteholz) -- _______________________________________________ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
