Reserve DLA-2772-1 for taglib

3 files changed, 3 insertions, 4 deletions

diff --git a/data/CVE/list b/data/CVE/list
index a7fe99137d..95ec3cffbe 100644
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -213536,7 +213536,6 @@ CVE-2018-11440 (Liblouis 3.5.0 has a stack-based Buffer Overflow in the function
 CVE-2018-11439 (The TagLib::Ogg::FLAC::File::scan function in oggflacfile.cpp in TagLi ...)
 	{DLA-1430-1}
 	- taglib 1.11.1+dfsg.1-0.3 (bug #903847)
-	[stretch] - taglib <no-dsa> (Minor issue)
 	NOTE: PoC: http://seclists.org/fulldisclosure/2018/May/49
 	NOTE: Upstream issue: https://github.com/taglib/taglib/issues/868
 	NOTE: Pull request: https://github.com/taglib/taglib/pull/869
@@ -260259,7 +260258,6 @@ CVE-2017-12679 (SQL Injection exists in NexusPHP 1.5.beta5.20120707 via the delc
 	NOT-FOR-US: NexusPHP
 CVE-2017-12678 (In TagLib 1.11.1, the rebuildAggregateFrames function in id3v2framefac ...)
 	- taglib 1.11.1+dfsg.1-0.2 (bug #871511)
-	[stretch] - taglib <no-dsa> (Minor issue)
 	[jessie] - taglib <not-affected> (Vulnerable code not present)
 	[wheezy] - taglib <not-affected> (Vulnerable code not present)
 	- silverjuke <not-affected> (Vulnerable code not present, based on older taglib version)
diff --git a/data/DLA/list b/data/DLA/list
index 481a42262f..f3f36e3eea 100644
--- a/data/DLA/list
+++ b/data/DLA/list
@@ -1,3 +1,6 @@
+[30 Sep 2021] DLA-2772-1 taglib - security update
+	{CVE-2017-12678 CVE-2018-11439}
+	[stretch] - taglib 1.11.1+dfsg.1-0.3+deb9u1
 [30 Sep 2021] DLA-2771-1 krb5 - security update
 	{CVE-2018-5729 CVE-2018-5730 CVE-2018-20217 CVE-2021-37750}
 	[stretch] - krb5 1.15-1+deb9u3
diff --git a/data/dla-needed.txt b/data/dla-needed.txt
index aeaa1e0cdf..b7bded36b7 100644
--- a/data/dla-needed.txt
+++ b/data/dla-needed.txt
@@ -103,7 +103,5 @@ smarty3
 squashfs-tools (Thorsten Alteholz)
   NOTE: 20210926: coordinate with upload to other releases
 --
-taglib (Adrian Bunk)
---
 tiff (Utkarsh)
 --