Update libmatio status

author: Adrian Bunk <bunk@debian.org> 2019-04-28 17:55:43 +0300
committer: Adrian Bunk <bunk@debian.org> 2019-04-28 17:55:43 +0300
commit: 7d09d36dde25e6503a879196e6fdc26212cf198e (patch)
tree: 6909aeda3197fd7d41973a281908e34385583def /data
parent: a77c11fe2d0e3a564362cd1a82bf7551d8ad31bb (diff)
1 files changed, 7 insertions, 1 deletions
diff --git a/data/dla-needed.txt b/data/dla-needed.txt
index 3de4396aea..d7a5b73a7f 100644
--- a/data/dla-needed.txt
+++ b/data/dla-needed.txt
@@ -86,7 +86,13 @@ liblivemedia (Hugo Lefeuvre)
 libmatio (Adrian Bunk)
   NOTE: fairly high number of open issues. Not sure why we never had a look at them.
   NOTE: triage work needed, help security team for fixes if needed.
-  NOTE: 20190413: work ongoing
+  NOTE: 20190428: most patches can be applied after context adaption
+  NOTE: 20190428: all CVEs are from one fuzzing attempt
+  NOTE: 20190428: some CVE testcases pass on the unpatched version,
+  NOTE: 20190428: but since the fixes can be made applied the code
+  NOTE: 20190428: is likely vulnerable
+  NOTE: 20190428: some CVE testcases still fail after applying the fix,
+  NOTE: 20190428: older changes seem to also be required for them
 --
 libspring-security-2.0-java
 --
author	Adrian Bunk <bunk@debian.org>	2019-04-28 17:55:43 +0300
committer	Adrian Bunk <bunk@debian.org>	2019-04-28 17:55:43 +0300
commit	7d09d36dde25e6503a879196e6fdc26212cf198e (patch)
tree	6909aeda3197fd7d41973a281908e34385583def /data
parent	a77c11fe2d0e3a564362cd1a82bf7551d8ad31bb (diff)