author: Adrian Bunk <bunk@debian.org> 2021-11-27 19:55:13 +0200
committer: Adrian Bunk <bunk@debian.org> 2021-11-27 19:57:14 +0200
commit: f234e61cbf3008b730467f0792daaef5365b049a
tree: 513669e634c9b5a27557becb34699cfcc7651b0f
parent: 6b4999f6953b9b61b83327cae2608b28a6639c5a
Reserve DLA-2828-1 for libvorbis
-rw-r--r-- data/CVE/2017.list 1
-rw-r--r-- data/CVE/2018.list 2
-rw-r--r-- data/DLA/list 3
-rw-r--r-- data/dla-needed.txt 2
4 files changed, 3 insertions, 5 deletions
diff --git a/data/CVE/2017.list b/data/CVE/2017.list
index 8257b199ed..fbdb988162 100644
--- a/data/CVE/2017.list
+++ b/data/CVE/2017.list
@@ -13804,7 +13804,6 @@ CVE-2017-14165 (The ReadSUNImage function in coders/sun.c in GraphicsMagick 1.3.
CVE-2017-14160 (The bark_noise_hybridmp function in psy.c in Xiph.Org libvorbis 1.3.5 ...)
{DLA-2013-1}
- libvorbis 1.3.6-2 (bug #876780)
- [stretch] - libvorbis <no-dsa> (Minor issue)
[wheezy] - libvorbis <postponed> (Minor issue, can be revisited once fixed upstream)
NOTE: https://www.openwall.com/lists/oss-security/2017/09/21/2
NOTE: https://www.openwall.com/lists/oss-security/2017/09/21/3
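Review bot: CVE-2017-14160 loses its `[stretch]` `<no-dsa>` status here, but the notes visible under the entry are only the two oss-security links, with no "Fixed by:" line like the ones recorded for CVE-2018-10393 and CVE-2018-10392 in data/CVE/2018.list. Since data/DLA/list now marks this CVE as fixed in stretch, consider adding a NOTE that names the upstream commit that was backported. CVE-2018-10393 is described in the same function (bark_noise_hybridmp in psy.c), so if its referenced commit also covers this issue, say so explicitly in the entry.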
diff --git a/data/CVE/2018.list b/data/CVE/2018.list
index 9eea06560a..a58e211cfe 100644
--- a/data/CVE/2018.list
+++ b/data/CVE/2018.list
@@ -29114,7 +29114,6 @@ CVE-2018-10394
CVE-2018-10393 (bark_noise_hybridmp in psy.c in Xiph.Org libvorbis 1.3.6 has a stack-b ...)
{DLA-2013-1}
- libvorbis 1.3.6-2 (bug #876780)
- [stretch] - libvorbis <no-dsa> (Minor issue)
[wheezy] - libvorbis <ignored> (Minor issue)
NOTE: https://gitlab.xiph.org/xiph/vorbis/issues/2334
NOTE: Fixed by: https://gitlab.xiph.org/xiph/vorbis/commit/018ca26dece618457dd13585cad52941193c4a25
@@ -29122,7 +29121,6 @@ CVE-2018-10393 (bark_noise_hybridmp in psy.c in Xiph.Org libvorbis 1.3.6 has a s
CVE-2018-10392 (mapping0_forward in mapping0.c in Xiph.Org libvorbis 1.3.6 does not va ...)
{DLA-2013-1}
- libvorbis 1.3.6-2 (bug #876780)
- [stretch] - libvorbis <no-dsa> (Minor issue)
[wheezy] - libvorbis <ignored> (Minor issue)
NOTE: https://gitlab.xiph.org/xiph/vorbis/issues/2335
NOTE: Fixed by: https://gitlab.xiph.org/xiph/vorbis/commit/112d3bd0aaacad51305e1464d4b381dabad0e88b
diff --git a/data/DLA/list b/data/DLA/list
index cac101c43d..561fc85ca3 100644
--- a/data/DLA/list
+++ b/data/DLA/list
@@ -1,3 +1,6 @@
+[27 Nov 2021] DLA-2828-1 libvorbis - security update
+ {CVE-2017-14160 CVE-2018-10392 CVE-2018-10393}
+ [stretch] - libvorbis 1.3.5-4+deb9u3
[27 Nov 2021] DLA-2827-1 bluez - security update
{CVE-2019-8921 CVE-2019-8922 CVE-2021-41229}
[stretch] - bluez 5.43-2+deb9u5
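Review bot: the new `{CVE-2017-14160 CVE-2018-10392 CVE-2018-10393}` line ties these three CVEs to DLA-2828-1, yet their entries in data/CVE/2017.list and data/CVE/2018.list are left with `{DLA-2013-1}` as the only advisory reference after this commit. If those brace lines are not regenerated from this file, add DLA-2828-1 to each of them in the same commit so the CVE entries and the advisory list agree.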
diff --git a/data/dla-needed.txt b/data/dla-needed.txt
index ba7c8b9837..07e8044084 100644
--- a/data/dla-needed.txt
+++ b/data/dla-needed.txt
@@ -62,8 +62,6 @@ libssh2 (Ola Lundqvist)
NOTE: 20211031: but still need fixing in stretch and buster. (bunk)
NOTE: 20211116: Work in progress for stretch. (ola)
--
-libvorbis (Adrian Bunk)
---
libvpx (Adrian Bunk)
--
linux (Ben Hutchings)