diff options
author | Adrian Bunk <bunk@debian.org> | 2020-06-30 22:19:53 +0300 |
---|---|---|
committer | Adrian Bunk <bunk@debian.org> | 2020-06-30 22:19:53 +0300 |
commit | 4affac49e307e4b18c478eee5ec255209d3a3675 (patch) | |
tree | 3915a55f270f5a35327efee0343dac18d455607f | |
parent | 8dd845b147139dcca59b372b0a15702f1fede55e (diff) |
Reserve DLA-2267-1 for libmatio
-rw-r--r-- | data/DLA/list | 3 | ||||
-rw-r--r-- | data/dla-needed.txt | 13 |
2 files changed, 3 insertions, 13 deletions
diff --git a/data/DLA/list b/data/DLA/list index fd6a76ab0f..2b9a92a053 100644 --- a/data/DLA/list +++ b/data/DLA/list @@ -1,3 +1,6 @@ +[30 Jun 2020] DLA-2267-1 libmatio - security update + {CVE-2019-17533} + [jessie] - libmatio 1.5.2-3+deb8u1 [30 Jun 2020] DLA-2266-1 nss - security update {CVE-2020-12399 CVE-2020-12402} [jessie] - nss 2:3.26-1+debu8u11 diff --git a/data/dla-needed.txt b/data/dla-needed.txt index f68fc38a9c..11c23249cf 100644 --- a/data/dla-needed.txt +++ b/data/dla-needed.txt @@ -67,19 +67,6 @@ libdatetime-timezone-perl NOTE: 20200620: There is no security issue with the package. What we want to do is to provide an up to date timezone NOTE: 20200620: database but that is not urgent. We want to provide 2020a-0+deb8u1. (according to email, node added by ola) -- -libmatio (Adrian Bunk) - NOTE: fairly high number of open issues. Not sure why we never had a look at them. - NOTE: triage work needed, help security team for fixes if needed. - NOTE: 20190428: most patches can be applied after context adaption - NOTE: 20190428: all CVEs are from one fuzzing attempt - NOTE: 20190428: some CVE testcases pass on the unpatched version, - NOTE: 20190428: but since the fixes can be made applied the code - NOTE: 20190428: is likely vulnerable - NOTE: 20190428: some CVE testcases still fail after applying the fix, - NOTE: 20190428: older changes seem to also be required for them - NOTE: 20200615: work is ongoing (bunk) - NOTE: 20200629: pending release (bunk) --- linux (Ben Hutchings) -- linux-4.9 (Ben Hutchings) |