Thanks Ola.
Emilio, can you confirm your latest upload also addresses
CVE-2019-2697?
It's MITRE page points to:
https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html
"Mateusz Jurczyk of Google Project Zero: CVE-2019-2697,
CVE-2019-2698"
which also references CVE-2019-2698, which DLA-1782-1 addressed.
So it is likely that this is an oversight in data/CVE/list, as the
upload was a new upstream version (i.e. not cherry-picking).
Cheers!
Sylvain
On 13/05/2019 17:00, Ola Lundqvist
wrote:
Hi Sylvain
It was meant to consider CVE-2019-2697.
I do not know anything about re-consider this CVE as
nothing has been noted to that CVE that it has been ignored or
should be treated in some other way.
// Ola
On Mon, 13 May 2019 at 10:57,
Sylvain Beucler <
beuc@beuc.net> wrote:
Hi,
openjdk-7 is back in dla-needed.txt with the commit message
"Sounds
serious enough".
However it was re-added the day after DLA-1782-1 and there's
no new CVE
since.
Was it an oversight, or was it meant to reconsider
https://security-tracker.debian.org/tracker/CVE-2019-2697
which wasn't
addressed by that DLA?
Cheers!
Sylvain
--
---
Inguza Technology AB --- MSc in Information
Technology ----
---------------------------------------------------------------