
Re: [SECURITY] [DLA 918-1] freetype security update



On Thu, Apr 27, 2017 at 01:04:54PM +0200, Bolesław Tokarski wrote:
> Hi,
> 
> > See https://security-tracker.debian.org/tracker/CVE-2016-10328
> 
> Nice, I see it's in 'fixed' state in 2.5.2-3+deb8u1 already. I guess it was not 
> clear that this does not affect that version last time I checked - I remember 
> it was 'vulnerable' back then (April 21st).

"fixed" in that page applies to both "patched" and "not affected to begin with",
so it was only tagged as "fixed" after I had investigated CVE-2016-10328 to
be a non-issue for stable and committed that to the security tracker DB.
 
> > CVE-2016-10244 was only scheduled for the next point release due to low
> > impact, but in the light of the new CVE-2017-8105, it'll be fixed in a DSA
> > as well.
> 
> I see a previous CVE fixed in Debian-LTS still lights up in jessie: 
> https://security-tracker.debian.org/tracker/CVE-2016-10244
> 
> Do you happen to know if that one's coming out in a DSA?

Yes, that will be included in the next DSA.
 
Cheers,
        Moritz

