Hi, Am 11.02.2018 um 23:08 schrieb Santiago R.R.: > El 11/02/18 a las 18:16, Markus Koschany escribió: >> Markus Koschany pushed to branch master at Debian Security Tracker / >> security-tracker >> >> Commits: >> >> • f8aa9d3d >> by Markus Koschany at 2018-02-11T19:16:41+01:00 >> >> Add librsvg to dla-needed.txt >> > > Hi Markus, > > The information I found about CVE-2018-1000041 is scarce. Do you have > more details about why this CVE warrants a DLA? I have added librsvg based on the information provided at: https://security-tracker.debian.org/tracker/CVE-2018-1000041 Salvatore added a link to an upstream commit https://salsa.debian.org/security-tracker-team/security-tracker/commit/0f8938e52771127503c7b492feadd761959f0ebe which is supposedly the fix for CVE-2018-1000041. According to this information the Wheezy version looks vulnerable to me because the affected code is present. That was enough reason for me to add librsvg to dla-needed.txt. Regards, Markus
Attachment:
signature.asc
Description: OpenPGP digital signature