From 1b0d5387a7a2d7d2841d12ce02a0652c813f8dc1 Mon Sep 17 00:00:00 2001
From: Markus Koschany <apo@debian.org>
Date: Fri, 4 Feb 2022 15:11:46 +0100
Subject: Reserve DLA-2911-1 for apng2gif

---
 data/DLA/list       | 3 +++
 data/dla-needed.txt | 4 ----
 2 files changed, 3 insertions(+), 4 deletions(-)

diff --git a/data/DLA/list b/data/DLA/list
index dc07ba41f0..a47696b041 100644
--- a/data/DLA/list
+++ b/data/DLA/list
@@ -1,3 +1,6 @@
+[04 Feb 2022] DLA-2911-1 apng2gif - security update
+	{CVE-2017-6960 CVE-2017-6961 CVE-2017-6962}
+	[stretch] - apng2gif 1.8-0.1~deb9u1
 [03 Feb 2022] DLA-2910-1 ldns - security update
 	{CVE-2017-1000231 CVE-2017-1000232 CVE-2020-19860 CVE-2020-19861}
 	[stretch] - ldns 1.7.0-1+deb9u1
diff --git a/data/dla-needed.txt b/data/dla-needed.txt
index 379cfd3068..832c9d7429 100644
--- a/data/dla-needed.txt
+++ b/data/dla-needed.txt
@@ -18,10 +18,6 @@ ansible
   NOTE: 20210411: after that LTS. (apo)
   NOTE: 20210426: https://people.debian.org/~apo/lts/ansible/
 --
-apng2gif (Markus Koschany)
-  NOTE: 20211229: CVE-2017-6960 was fixed in DLAs for wheezy and jessie
-  NOTE: 20211229: but is unfixed in stretch, plus 2 additional CVEs (bunk)
---
 connman (Emilio)
    NOTE: 20220203: harmonize with buster-10.10 (CVE-2021-33833)
    NOTE: 20220203: + check new CVEs if patches can be identified (Beuc)
-- 
cgit v1.2.3