Re: Wheezy update of vorbis-tools for CVE-2015-6749
[Petter Reinholdtsen]
> Thank you. I'm building and testing in wheezy at the moment, and will
> upload when I am done. I would be very happy if someone else took the
> bookkeeping.
I'm not quite sure if the CVE tracker should be updated like this for
LTS entries or not. Perhaps someone who know can update it if that is
the right thing to do?
Index: list
===================================================================
--- list (revision 53134)
+++ list (working copy)
@@ -66164,7 +66164,7 @@
{DLA-317-1}
- vorbis-tools 1.4.0-7 (bug #797461)
[jessie] - vorbis-tools 1.4.0-6+deb8u1
- [wheezy] - vorbis-tools <no-dsa> (Minor issue)
+ [wheezy] - vorbis-tools 1.4.0-1+deb7u1 (Minor issue)
NOTE: http://www.openwall.com/lists/oss-security/2015/08/29/1
NOTE: https://trac.xiph.org/ticket/2212
CVE-2015-6741
@@ -82720,6 +82720,7 @@
{DLA-317-1}
- vorbis-tools 1.4.0-7 (unimportant; bug #776086)
[jessie] - vorbis-tools 1.4.0-6+deb8u1
+ [wheezy] - vorbis-tools 1.4.0-1+deb7u1
- opus-tools 0.1.10-1 (unimportant; bug #780160)
NOTE: https://trac.xiph.org/ticket/2137
NOTE: Fixed by: https://github.com/mark4o/opus-tools/commit/8c412e619b83eb6dd32191909cf6672e93e5802e
@@ -82729,7 +82730,7 @@
{DLA-317-1}
- vorbis-tools 1.4.0-7 (low; bug #776086)
[jessie] - vorbis-tools 1.4.0-6+deb8u1
- [wheezy] - vorbis-tools <no-dsa> (Minor issue)
+ [wheezy] - vorbis-tools 1.4.0-1+deb7u1
[squeeze] - vorbis-tools <no-dsa> (Minor issue)
- opus-tools 0.1.10-1 (bug #780160)
[jessie] - opus-tools <no-dsa> (Minor issue)
@@ -82740,7 +82741,7 @@
CVE-2014-9640 (oggenc/oggenc.c in vorbis-tools 1.4.0 allows remote attackers to cause ...)
{DLA-317-1}
- vorbis-tools 1.4.0-6 (bug #771363)
- [wheezy] - vorbis-tools <no-dsa> (Minor issue)
+ [wheezy] - vorbis-tools 1.4.0-1+deb7u1
[squeeze] - vorbis-tools <no-dsa> (Minor issue)
NOTE: https://trac.xiph.org/ticket/2009
NOTE: Upstream fix: https://trac.xiph.org/changeset/19117
--
Happy hacking
Petter Reinholdtsen
Reply to: