diff options
| author | Adrian Bunk <bunk@debian.org> | 2021-11-27 19:55:13 +0200 |
|---|---|---|
| committer | Adrian Bunk <bunk@debian.org> | 2021-11-27 19:57:14 +0200 |
| commit | 79862a468a5ca5f59ac21f57650062b7d82d11fc (patch) | |
| tree | 1856d0b4b1a6d49bf1ed71d98a001fae319d7666 | |
| parent | 1015e99a0f30d2f71a3553de859cc00c22a734c7 (diff) | |
Reserve DLA-2828-1 for libvorbis
| -rw-r--r-- | data/CVE/list.2017 | 1 | ||||
| -rw-r--r-- | data/CVE/list.2018 | 2 | ||||
| -rw-r--r-- | data/DLA/list | 3 | ||||
| -rw-r--r-- | data/dla-needed.txt | 2 |
4 files changed, 3 insertions, 5 deletions
diff --git a/data/CVE/list.2017 b/data/CVE/list.2017 index 8257b199ed..fbdb988162 100644 --- a/data/CVE/list.2017 +++ b/data/CVE/list.2017 @@ -13804,7 +13804,6 @@ CVE-2017-14165 (The ReadSUNImage function in coders/sun.c in GraphicsMagick 1.3. CVE-2017-14160 (The bark_noise_hybridmp function in psy.c in Xiph.Org libvorbis 1.3.5 ...) {DLA-2013-1} - libvorbis 1.3.6-2 (bug #876780) - [stretch] - libvorbis <no-dsa> (Minor issue) [wheezy] - libvorbis <postponed> (Minor issue, can be revisited once fixed upstream) NOTE: https://www.openwall.com/lists/oss-security/2017/09/21/2 NOTE: https://www.openwall.com/lists/oss-security/2017/09/21/3 diff --git a/data/CVE/list.2018 b/data/CVE/list.2018 index 9eea06560a..a58e211cfe 100644 --- a/data/CVE/list.2018 +++ b/data/CVE/list.2018 @@ -29114,7 +29114,6 @@ CVE-2018-10394 CVE-2018-10393 (bark_noise_hybridmp in psy.c in Xiph.Org libvorbis 1.3.6 has a stack-b ...) {DLA-2013-1} - libvorbis 1.3.6-2 (bug #876780) - [stretch] - libvorbis <no-dsa> (Minor issue) [wheezy] - libvorbis <ignored> (Minor issue) NOTE: https://gitlab.xiph.org/xiph/vorbis/issues/2334 NOTE: Fixed by: https://gitlab.xiph.org/xiph/vorbis/commit/018ca26dece618457dd13585cad52941193c4a25 @@ -29122,7 +29121,6 @@ CVE-2018-10393 (bark_noise_hybridmp in psy.c in Xiph.Org libvorbis 1.3.6 has a s CVE-2018-10392 (mapping0_forward in mapping0.c in Xiph.Org libvorbis 1.3.6 does not va ...) {DLA-2013-1} - libvorbis 1.3.6-2 (bug #876780) - [stretch] - libvorbis <no-dsa> (Minor issue) [wheezy] - libvorbis <ignored> (Minor issue) NOTE: https://gitlab.xiph.org/xiph/vorbis/issues/2335 NOTE: Fixed by: https://gitlab.xiph.org/xiph/vorbis/commit/112d3bd0aaacad51305e1464d4b381dabad0e88b diff --git a/data/DLA/list b/data/DLA/list index cac101c43d..561fc85ca3 100644 --- a/data/DLA/list +++ b/data/DLA/list @@ -1,3 +1,6 @@ +[27 Nov 2021] DLA-2828-1 libvorbis - security update + {CVE-2017-14160 CVE-2018-10392 CVE-2018-10393} + [stretch] - libvorbis 1.3.5-4+deb9u3 [27 Nov 2021] DLA-2827-1 bluez - security update {CVE-2019-8921 CVE-2019-8922 CVE-2021-41229} [stretch] - bluez 5.43-2+deb9u5 diff --git a/data/dla-needed.txt b/data/dla-needed.txt index ba7c8b9837..07e8044084 100644 --- a/data/dla-needed.txt +++ b/data/dla-needed.txt @@ -62,8 +62,6 @@ libssh2 (Ola Lundqvist) NOTE: 20211031: but still need fixing in stretch and buster. (bunk) NOTE: 20211116: Work in progress for stretch. (ola) -- -libvorbis (Adrian Bunk) --- libvpx (Adrian Bunk) -- linux (Ben Hutchings) |