diff options
author | Adrian Bunk <bunk@debian.org> | 2021-11-27 19:55:13 +0200 |
---|---|---|
committer | Adrian Bunk <bunk@debian.org> | 2021-11-27 19:57:14 +0200 |
commit | f234e61cbf3008b730467f0792daaef5365b049a (patch) | |
tree | 513669e634c9b5a27557becb34699cfcc7651b0f | |
parent | 6b4999f6953b9b61b83327cae2608b28a6639c5a (diff) |
Reserve DLA-2828-1 for libvorbis
-rw-r--r-- | data/CVE/2017.list | 1 | ||||
-rw-r--r-- | data/CVE/2018.list | 2 | ||||
-rw-r--r-- | data/DLA/list | 3 | ||||
-rw-r--r-- | data/dla-needed.txt | 2 |
4 files changed, 3 insertions, 5 deletions
diff --git a/data/CVE/2017.list b/data/CVE/2017.list index 8257b199ed..fbdb988162 100644 --- a/data/CVE/2017.list +++ b/data/CVE/2017.list @@ -13804,7 +13804,6 @@ CVE-2017-14165 (The ReadSUNImage function in coders/sun.c in GraphicsMagick 1.3. CVE-2017-14160 (The bark_noise_hybridmp function in psy.c in Xiph.Org libvorbis 1.3.5 ...) {DLA-2013-1} - libvorbis 1.3.6-2 (bug #876780) - [stretch] - libvorbis <no-dsa> (Minor issue) [wheezy] - libvorbis <postponed> (Minor issue, can be revisited once fixed upstream) NOTE: https://www.openwall.com/lists/oss-security/2017/09/21/2 NOTE: https://www.openwall.com/lists/oss-security/2017/09/21/3 diff --git a/data/CVE/2018.list b/data/CVE/2018.list index 9eea06560a..a58e211cfe 100644 --- a/data/CVE/2018.list +++ b/data/CVE/2018.list @@ -29114,7 +29114,6 @@ CVE-2018-10394 CVE-2018-10393 (bark_noise_hybridmp in psy.c in Xiph.Org libvorbis 1.3.6 has a stack-b ...) {DLA-2013-1} - libvorbis 1.3.6-2 (bug #876780) - [stretch] - libvorbis <no-dsa> (Minor issue) [wheezy] - libvorbis <ignored> (Minor issue) NOTE: https://gitlab.xiph.org/xiph/vorbis/issues/2334 NOTE: Fixed by: https://gitlab.xiph.org/xiph/vorbis/commit/018ca26dece618457dd13585cad52941193c4a25 @@ -29122,7 +29121,6 @@ CVE-2018-10393 (bark_noise_hybridmp in psy.c in Xiph.Org libvorbis 1.3.6 has a s CVE-2018-10392 (mapping0_forward in mapping0.c in Xiph.Org libvorbis 1.3.6 does not va ...) {DLA-2013-1} - libvorbis 1.3.6-2 (bug #876780) - [stretch] - libvorbis <no-dsa> (Minor issue) [wheezy] - libvorbis <ignored> (Minor issue) NOTE: https://gitlab.xiph.org/xiph/vorbis/issues/2335 NOTE: Fixed by: https://gitlab.xiph.org/xiph/vorbis/commit/112d3bd0aaacad51305e1464d4b381dabad0e88b diff --git a/data/DLA/list b/data/DLA/list index cac101c43d..561fc85ca3 100644 --- a/data/DLA/list +++ b/data/DLA/list @@ -1,3 +1,6 @@ +[27 Nov 2021] DLA-2828-1 libvorbis - security update + {CVE-2017-14160 CVE-2018-10392 CVE-2018-10393} + [stretch] - libvorbis 1.3.5-4+deb9u3 [27 Nov 2021] DLA-2827-1 bluez - security update {CVE-2019-8921 CVE-2019-8922 CVE-2021-41229} [stretch] - bluez 5.43-2+deb9u5 diff --git a/data/dla-needed.txt b/data/dla-needed.txt index ba7c8b9837..07e8044084 100644 --- a/data/dla-needed.txt +++ b/data/dla-needed.txt @@ -62,8 +62,6 @@ libssh2 (Ola Lundqvist) NOTE: 20211031: but still need fixing in stretch and buster. (bunk) NOTE: 20211116: Work in progress for stretch. (ola) -- -libvorbis (Adrian Bunk) --- libvpx (Adrian Bunk) -- linux (Ben Hutchings) |