From f234e61cbf3008b730467f0792daaef5365b049a Mon Sep 17 00:00:00 2001
From: Adrian Bunk <bunk@debian.org>
Date: Sat, 27 Nov 2021 19:55:13 +0200
Subject: Reserve DLA-2828-1 for libvorbis

---
 data/CVE/2017.list  | 1 -
 data/CVE/2018.list  | 2 --
 data/DLA/list       | 3 +++
 data/dla-needed.txt | 2 --
 4 files changed, 3 insertions(+), 5 deletions(-)

diff --git a/data/CVE/2017.list b/data/CVE/2017.list
index 8257b199ed..fbdb988162 100644
--- a/data/CVE/2017.list
+++ b/data/CVE/2017.list
@@ -13804,7 +13804,6 @@ CVE-2017-14165 (The ReadSUNImage function in coders/sun.c in GraphicsMagick 1.3.
 CVE-2017-14160 (The bark_noise_hybridmp function in psy.c in Xiph.Org libvorbis 1.3.5  ...)
 	{DLA-2013-1}
 	- libvorbis 1.3.6-2 (bug #876780)
-	[stretch] - libvorbis <no-dsa> (Minor issue)
 	[wheezy] - libvorbis <postponed> (Minor issue, can be revisited once fixed upstream)
 	NOTE: https://www.openwall.com/lists/oss-security/2017/09/21/2
 	NOTE: https://www.openwall.com/lists/oss-security/2017/09/21/3
diff --git a/data/CVE/2018.list b/data/CVE/2018.list
index 9eea06560a..a58e211cfe 100644
--- a/data/CVE/2018.list
+++ b/data/CVE/2018.list
@@ -29114,7 +29114,6 @@ CVE-2018-10394
 CVE-2018-10393 (bark_noise_hybridmp in psy.c in Xiph.Org libvorbis 1.3.6 has a stack-b ...)
 	{DLA-2013-1}
 	- libvorbis 1.3.6-2 (bug #876780)
-	[stretch] - libvorbis <no-dsa> (Minor issue)
 	[wheezy] - libvorbis <ignored> (Minor issue)
 	NOTE: https://gitlab.xiph.org/xiph/vorbis/issues/2334
 	NOTE: Fixed by: https://gitlab.xiph.org/xiph/vorbis/commit/018ca26dece618457dd13585cad52941193c4a25
@@ -29122,7 +29121,6 @@ CVE-2018-10393 (bark_noise_hybridmp in psy.c in Xiph.Org libvorbis 1.3.6 has a s
 CVE-2018-10392 (mapping0_forward in mapping0.c in Xiph.Org libvorbis 1.3.6 does not va ...)
 	{DLA-2013-1}
 	- libvorbis 1.3.6-2 (bug #876780)
-	[stretch] - libvorbis <no-dsa> (Minor issue)
 	[wheezy] - libvorbis <ignored> (Minor issue)
 	NOTE: https://gitlab.xiph.org/xiph/vorbis/issues/2335
 	NOTE: Fixed by: https://gitlab.xiph.org/xiph/vorbis/commit/112d3bd0aaacad51305e1464d4b381dabad0e88b
diff --git a/data/DLA/list b/data/DLA/list
index cac101c43d..561fc85ca3 100644
--- a/data/DLA/list
+++ b/data/DLA/list
@@ -1,3 +1,6 @@
+[27 Nov 2021] DLA-2828-1 libvorbis - security update
+	{CVE-2017-14160 CVE-2018-10392 CVE-2018-10393}
+	[stretch] - libvorbis 1.3.5-4+deb9u3
 [27 Nov 2021] DLA-2827-1 bluez - security update
 	{CVE-2019-8921 CVE-2019-8922 CVE-2021-41229}
 	[stretch] - bluez 5.43-2+deb9u5
diff --git a/data/dla-needed.txt b/data/dla-needed.txt
index ba7c8b9837..07e8044084 100644
--- a/data/dla-needed.txt
+++ b/data/dla-needed.txt
@@ -62,8 +62,6 @@ libssh2 (Ola Lundqvist)
   NOTE: 20211031: but still need fixing in stretch and buster. (bunk)
   NOTE: 20211116: Work in progress for stretch. (ola)
 --
-libvorbis (Adrian Bunk)
---
 libvpx (Adrian Bunk)
 --
 linux (Ben Hutchings)
-- 
cgit v1.2.3