[Git][security-tracker-team/security-tracker][master] LTS: add notes on current status of libssh

2024-02-24 Thread Sean Whitton (@spwhitton)


Sean Whitton pushed to branch master at Debian Security Tracker / security-tracker


Commits:
73511b68 by Sean Whitton at 2024-02-25T13:50:19+08:00
LTS: add notes on current status of libssh

- - - - -


1 changed file:

- data/dla-needed.txt


Changes:

=
data/dla-needed.txt
=
@@ -157,7 +157,14 @@ libreswan
 --
 libssh
   NOTE: 20231219: Added by Front-Desk (ta)
-  NOTE: 20240111: Still working on backporting the patches (spwhitton).
+  NOTE: 20240225: Patches backported, tests pass.  The backport should be
+  NOTE: 20240225: reviewed.  I haven't yet tested that Terrapin is actually
+  NOTE: 20240225: mitigated.  Upstream have provided some input on doing that:
+  NOTE: 20240225: .
+  NOTE: 20240225: I've asked upstream whether it's okay to restore the evp
+  NOTE: 20240225: functions and types:
+  NOTE: 20240225: 
+  NOTE: 20240225: (spwhitton).
 --
 libstb
   NOTE: 20231029: Added by Front-Desk (gladk)
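
Review bot: the added NOTE lines that end in a colon ("some input on doing that:" and "restore the evp functions and types:") are followed by a NOTE containing only "." and an empty NOTE, so the references they announce are missing; put the upstream URLs on those lines so whoever reviews the backport can find the discussion. Since the entry states that the Terrapin mitigation is still untested, it would also help to say where the backported patches live, so that review and that test can proceed in parallel.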



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/73511b68ca05fae82cafcb5c46dcedb5c4698fcc

You're receiving this email because of your account on salsa.debian.org.


___
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits


[Git][security-tracker-team/security-tracker][master] LTS: Add notes for pandoc/CVE-2023-35936.

2023-07-20 Thread Guilhem Moulin (@guilhem)


Guilhem Moulin pushed to branch master at Debian Security Tracker / security-tracker


Commits:
7466911c by Guilhem Moulin at 2023-07-21T00:18:23+02:00
LTS: Add notes for pandoc/CVE-2023-35936.

- - - - -


1 changed file:

- data/dla-needed.txt


Changes:

=
data/dla-needed.txt
=
@@ -119,6 +119,8 @@ openjdk-11 (Emilio)
 --
 pandoc (guilhem)
   NOTE: 20230709: Added by Front-Desk (gladk)
+  NOTE: 20230721: Discovered the upstream fix for CVE-2023-35936 was 
incomplete,
+  NOTE: 20230721: got in touch with them and requested a new CVE. (guilhem)
 --
 python-glance-store
   NOTE: 20230525: Added by Front-Desk (lamby)
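
Review bot: the two added lines say the upstream fix for CVE-2023-35936 was incomplete but give no pointer to the upstream report and do not say what remains unfixed, so nobody else can tell whether an upload carrying only the original fix is acceptable. Add the upstream issue URL, and add the new CVE id in a follow-up once it is assigned.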



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7466911c7a726f7e667373d41d547cf3df39fef8



[Git][security-tracker-team/security-tracker][master] lts: add notes on webkit2gtk

2023-05-29 Thread Emilio Pozuelo Monfort (@pochu)


Emilio Pozuelo Monfort pushed to branch master at Debian Security Tracker / security-tracker


Commits:
673a0813 by Emilio Pozuelo Monfort at 2023-05-29T11:01:07+02:00
lts: add notes on webkit2gtk

- - - - -


1 changed file:

- data/dla-needed.txt


Changes:

=
data/dla-needed.txt
=
@@ -220,4 +220,6 @@ webkit2gtk (Emilio)
   NOTE: 20230512: Programming language: C++.
   NOTE: 20230512: VCS: https://salsa.debian.org/webkit-team/webkit.git
   NOTE: 20230512: checking if upgrade to 2.40.x is possible, otherwise we'll 
have to EOL webkit (pochu)
+  NOTE: 20230529: made some progress on the backport, but there are still some 
blockers,
+  NOTE: 20230529: particularly around (the lack of) C++20 support. (pochu)
 --
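
Review bot: the 20230529 note names C++20 support as a blocker, while the 20230512 context line above it says the fallback is to EOL webkit if the upgrade to 2.40.x is not possible; the new note should say whether the C++20 blockers look solvable or whether EOL is now the likely outcome, since that is the decision the entry is waiting on.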



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/673a0813aa87d447d3d36bf9f1867c673ddc7444



[Git][security-tracker-team/security-tracker][master] lts: add notes

2021-12-06 Thread Emilio Pozuelo Monfort (@pochu)


Emilio Pozuelo Monfort pushed to branch master at Debian Security Tracker / security-tracker


Commits:
29137efe by Emilio Pozuelo Monfort at 2021-12-06T13:55:01+01:00
lts: add notes

- - - - -


1 changed file:

- data/dla-needed.txt


Changes:

=
data/dla-needed.txt
=
@@ -29,6 +29,7 @@ debian-archive-keyring
 --
 firefox-esr (Emilio)
   NOTE: 20211122: blocked on toolchain backports (pochu)
+  NOTE: 20211206: progressing on the toolchain front (pochu)
 --
 firmware-nonfree (Markus Koschany)
   NOTE: 20210731: WIP: 
https://salsa.debian.org/lts-team/packages/firmware-nonfree
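
Review bot: "progressing on the toolchain front" on the added firefox-esr line does not say which toolchain backports the 20211122 note was blocked on or which of them are now done; naming them would let others see what remains before the update can go out.
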
@@ -84,6 +85,7 @@ samba (Anton)
 --
 thunderbird (Emilio)
   NOTE: 20211122: blocked on toolchain backports (pochu)
+  NOTE: 20211206: progressing on the toolchain front (pochu)
 --
 vim (Anton)
   NOTE: 20211203: adding here as it's in the ela-needed as well
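
Review bot: the added thunderbird line is a verbatim copy of the one added under firefox-esr in the previous hunk, so the two will have to be updated in lockstep; consider keeping the detail in one entry and pointing the other at it, for example "see firefox-esr".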



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/29137efef03b415fca0fe9e0a1cd99790f361938



[Git][security-tracker-team/security-tracker][master] lts: add notes

2020-12-28 Thread Emilio Pozuelo Monfort


Emilio Pozuelo Monfort pushed to branch master at Debian Security Tracker / security-tracker


Commits:
356d by Emilio Pozuelo Monfort at 2020-12-28T09:50:34+01:00
lts: add notes

- - - - -


1 changed file:

- data/dla-needed.txt


Changes:

=
data/dla-needed.txt
=
@@ -191,5 +191,6 @@ xcftools
   NOTE: 20200605: Patch 
https://salsa.debian.org/lts-team/packages/xcftools/-/blob/fix/test-CVE-2019-5087/debian/patches/CVE-2019-5087.patch
 (gladk)
 --
 xdg-utils (Emilio)
-  NOTE: 20201207: pinged upstream about the proposed patch (Emilio)
+  NOTE: 20201228: regression on the proposed patch in xdg-email --attach 
(Emilio)
+  NOTE: 20201228: some applications may rely on the (broken) mailto behaviour, 
such as reportbug (Emilio)
 --
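
Review bot: the 20201207 line about pinging upstream should be kept rather than replaced, because removing it drops the record that upstream was contacted about the proposed patch; append the two 20201228 lines below it instead. The new lines also refer to "the proposed patch" without a reference, so add the URL of the patch or of the upstream thread next to the regression report.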



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/356dc6a3bc41531ba974bb31a6837ca304fd


[Git][security-tracker-team/security-tracker][master] lts: add notes

2020-07-20 Thread Emilio Pozuelo Monfort


Emilio Pozuelo Monfort pushed to branch master at Debian Security Tracker / security-tracker


Commits:
ddd6356e by Emilio Pozuelo Monfort at 2020-07-20T10:49:12+02:00
lts: add notes

- - - - -


1 changed file:

- data/dla-needed.txt


Changes:

=
data/dla-needed.txt
=
@@ -57,6 +57,7 @@ ffmpeg (Adrian Bunk)
   NOTE: 20200707: few days ago, which should fix this and many others. (lamby)
 --
 firefox-esr (Emilio)
+  NOTE: 20200720: working on ESR 78 backport. (Emilio)
 --
 freerdp
   NOTE: 20200510: Vulnerable to at least CVE-2020-11042. (lamby)
@@ -89,6 +90,8 @@ libopenmpt (Utkarsh Gupta)
 libpam-radius-auth (Utkarsh Gupta)
 --
 librsvg (Emilio)
+  NOTE: 20200720: backported patches, then updated to newer upstream (2.40.21).
+  NOTE: 20200720: testing packages and pondering which way to go. (Emilio)
 --
 linux (Ben Hutchings)
 --
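
Review bot: the added librsvg lines record two candidate approaches (backported patches versus the newer upstream 2.40.21) but not what would decide between them; note the criteria or the test results so far, so that "pondering which way to go" is actionable for someone picking the package up.
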
@@ -125,6 +128,7 @@ pillow
   NOTE: 20200711: Appears vulnerable to at least CVE-2020-10177, but not 
CVE-2020-10378. (lamby)
 --
 poppler (Emilio)
+  NOTE: 20200720: wip (Emilio)
 --
 puma
   NOTE: 20200708: Vulnerable to (at least) CVE-2020-11076. (lamby)
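
Review bot: "wip" on the added poppler line carries no information beyond the claim already shown by "(Emilio)" in the entry header; say which issues are being worked on, as the neighbouring pillow and puma entries do by naming CVE ids.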



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ddd6356eb2d13f089d45bc75c39a7cbdf1563ee9
