From e386d06c28db3204cd5b21bcc16f6e87ed8b8771 Mon Sep 17 00:00:00 2001 From: Adrian Bunk Date: Sat, 27 Nov 2021 23:04:53 +0200 Subject: Reserve DLA-2829-1 for libvpx --- data/CVE/2020.list | 1 - data/DLA/list | 3 +++ data/dla-needed.txt | 2 -- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/data/CVE/2020.list b/data/CVE/2020.list index 040abde0e6..5d95f682d3 100644 --- a/data/CVE/2020.list +++ b/data/CVE/2020.list @@ -72471,7 +72471,6 @@ CVE-2020-0035 (In query of TelephonyProvider.java, there is a possible access to CVE-2020-0034 (In vp8_decode_frame of decodeframe.c, there is a possible out of bound ...) {DLA-2136-1} - libvpx 1.7.0-3 - [stretch] - libvpx (Minor issue) NOTE: https://github.com/webmproject/libvpx/commit/45daecb4f73a47ab3236a29a3a48c52324cbf19a CVE-2020-0033 (In CryptoPlugin::decrypt of CryptoPlugin.cpp, there is a possible out ...) NOT-FOR-US: Android media framework diff --git a/data/DLA/list b/data/DLA/list index 561fc85ca3..7d65b0eddc 100644 --- a/data/DLA/list +++ b/data/DLA/list @@ -1,3 +1,6 @@ +[27 Nov 2021] DLA-2829-1 libvpx - security update + {CVE-2020-0034} + [stretch] - libvpx 1.6.1-3+deb9u3 [27 Nov 2021] DLA-2828-1 libvorbis - security update {CVE-2017-14160 CVE-2018-10392 CVE-2018-10393} [stretch] - libvorbis 1.3.5-4+deb9u3 diff --git a/data/dla-needed.txt b/data/dla-needed.txt index 261d91fdd1..df3804b585 100644 --- a/data/dla-needed.txt +++ b/data/dla-needed.txt @@ -64,8 +64,6 @@ libssh2 (Ola Lundqvist) NOTE: 20211031: but still need fixing in stretch and buster. (bunk) NOTE: 20211116: Work in progress for stretch. (ola) -- -libvpx (Adrian Bunk) --- linux (Ben Hutchings) -- linux-4.19 (Ben Hutchings) -- cgit v1.2.3