data/CVE/list

@@ -126047,7 +126047,6 @@ CVE-2017-14634 (In libsndfile 1.0.28, a divide-by-zero error exists in the funct
 CVE-2017-14633 (In Xiph.Org libvorbis 1.3.5, an out-of-bounds array read vulnerability ...)
 	{DSA-4113-1 DLA-1368-1}
 	- libvorbis 1.3.5-4.1 (bug #876778)
-	[jessie] - libvorbis <postponed> (Minor issue, can be fixed along later)
 	NOTE: https://gitlab.xiph.org/xiph/vorbis/issues/2329
 	NOTE: https://github.com/xiph/vorbis/pull/34
 	NOTE: https://gitlab.xiph.org/xiph/vorbis/commit/a79ec216cd119069c68b8f3542c6a425a74ab993
@@ -136075,7 +136074,6 @@ CVE-2017-11334 (The address_space_write_continue function in exec.c in QEMU (aka
 CVE-2017-11333 (The vorbis_analysis_wrote function in lib/block.c in Xiph.Org libvorbi ...)
 	{DSA-4113-1 DLA-1368-1}
 	- libvorbis 1.3.5-4.1 (low; bug #870341)
-	[jessie] - libvorbis <postponed> (Minor issue, can be revisited once fixed upstream)
 	NOTE: http://seclists.org/fulldisclosure/2017/Jul/82
 	NOTE: https://gitlab.xiph.org/xiph/vorbis/issues/2332
 	NOTE: Fixed by: https://gitlab.xiph.org/xiph/vorbis/commit/a79ec216cd119069c68b8f3542c6a425a74ab993
@@ -180100,7 +180098,6 @@ CVE-2016-6224 (ecryptfs-setup-swap in eCryptfs does not prevent the unencrypted
 	NOTE: http://www.openwall.com/lists/oss-security/2016/07/13/2
 CVE-2015-8947 (hb-ot-layout-gpos-table.hh in HarfBuzz before 1.0.5 allows remote atta ...)
 	- harfbuzz 1.2.6-1
-	[jessie] - harfbuzz <no-dsa> (Minor issue, can be fixed via a DSA)
 	NOTE: https://cgit.freedesktop.org/harfbuzz/commit/?id=f96664974774bfeb237a7274f512f64aaafb201e (1.0.5)
 CVE-2015-8946 (ecryptfs-setup-swap in eCryptfs before 111 does not prevent the unencr ...)
 	- ecryptfs-utils 111-1

data/DLA/list

+[17 Dec 2019] DLA-2039-1 libvorbis - security update
+	{CVE-2017-11333 CVE-2017-14633}
+	[jessie] - libvorbis 1.3.4-2+deb8u3
 [17 Dec 2019] DLA-2038-1 libssh - security update
 	{CVE-2019-14889}
 	[jessie] - libssh 0.6.3-4+deb8u4