Package: release.debian.org Severity: normal Tags: stretch User: release.debian....@packages.debian.org Usertags: pu
This update brings debian-security-support in line with unstable. Most notably in stable this affects swftools since security support for it is now limited. Cheers, -- Guido -- System Information: Debian Release: buster/sid APT prefers testing APT policy: (990, 'testing'), (500, 'unstable-debug'), (500, 'testing-debug'), (500, 'stable-updates'), (500, 'oldoldstable'), (500, 'unstable'), (500, 'stable'), (1, 'experimental') Architecture: amd64 (x86_64) Foreign Architectures: i386, armhf Kernel: Linux 4.14.0-3-amd64 (SMP w/4 CPU cores) Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8), LANGUAGE=de_DE.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled
diff --git a/debian/changelog b/debian/changelog index 28a9b5d..669e194 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,44 @@ +debian-security-support (2018.01.29~deb9u1) stable-proposed-updates; urgency=medium + + * Rebuild for stretch + + -- Guido Günther <a...@sigxcpu.org> Mon, 29 Jan 2018 17:23:45 +0100 + +debian-security-support (2018.01.29) unstable; urgency=medium + + [ Markus Koschany ] + * Add teamspeak to security-support-ended.deb7 + * Add libstruts1.2-java to security-support-ended.deb7. + * Add nvidia-graphics-drivers to security-support-ended.deb7. + Non-free is not supported + * Add glassfish to security-support-ended.deb7 + * Mark jbossas4 as end-of-life in Wheezy. + * Mark jasperreports as unsupported in Wheezy. + No sponsor users it. Targeted fixes not possible because detailed + information about the vulnerabilities and their solution (patches) is not + available. + + [ Salvatore Bonaccorso ] + * Mark chromium-browser as end-of-life for Debian 8 (Jessie) + + [ Raphaël Hertzog ] + * Mark libnet-ping-external-perl as unsupported in wheezy. + * Mark mp3gain as unsupported in wheezy. + + [ Emilio Pozuelo Monfort ] + * Mark tor as unsupported in wheezy. + + [ Guido Günther ] + * Add swftools to security support limited + swftools is orphaned (#885088) and the security tracker is currently + counting 25 open CVEs. It is a useful tool with trusted content though. + * Bump standards version to 4.1.3. + No changes needed + * Bump debhelper compat level to 9 which is available in oldoldstable + (wheezy). + + -- Guido Günther <a...@sigxcpu.org> Mon, 29 Jan 2018 17:05:46 +0100 + debian-security-support (2017.06.02) unstable; urgency=medium [ Moritz Muehlenhoff ] diff --git a/debian/compat b/debian/compat index 45a4fb7..ec63514 100644 --- a/debian/compat +++ b/debian/compat @@ -1 +1 @@ -8 +9 diff --git a/debian/control b/debian/control index 2b827d1..f764ab9 100644 --- a/debian/control +++ b/debian/control @@ -3,7 +3,7 @@ Section: admin Priority: optional Maintainer: Christoph Biedl <debian.a...@manchmal.in-ulm.de> Uploaders: Debian Security Team <t...@security.debian.org> -Build-Depends: debhelper (>= 8~), +Build-Depends: debhelper (>= 9~), asciidoc, gettext, gawk, @@ -15,7 +15,7 @@ Build-Depends: debhelper (>= 8~), original-awk, po-debconf, xmlto, -Standards-Version: 3.9.8 +Standards-Version: 4.1.3 Vcs-Git: https://anonscm.debian.org/cgit/collab-maint/debian-security-support.git Vcs-Browser: https://anonscm.debian.org/cgit/collab-maint/debian-security-support.git diff --git a/debian/gbp.conf b/debian/gbp.conf new file mode 100644 index 0000000..ee4e7df --- /dev/null +++ b/debian/gbp.conf @@ -0,0 +1,2 @@ +[DEFAULT] +debian-branch=stretch diff --git a/security-support-ended.deb7 b/security-support-ended.deb7 index 5cfd110..5278edb 100644 --- a/security-support-ended.deb7 +++ b/security-support-ended.deb7 @@ -52,3 +52,13 @@ kfreebsd-8 8.3-6+deb7u1 2016-02-06 Not supported in Deb kfreebsd-9 9.0-10+deb70.10 2016-02-06 Not supported in Debian LTS ioquake3 1.36+svn2287-1 2017-03-15 Not supported in Debian LTS (https://lists.debian.org/debian-lts/2017/03/msg00075.html) autotrace 0.31.1-16 2017-06-01 Not supported in Debian LTS (https://lists.debian.org/debian-lts/2017/05/msg00124.html) +teamspeak-server 2.0.24.1+debian-1.1 2017-07-31 Not supported in Debian LTS (non-free) +teamspeak-client 2.0.32-3.1 2017-07-31 Not supported in Debian LTS (non-free) +libstruts1.2-java 1.2.9-5+deb7u2 2017-09-23 Not supported in Debian LTS +nvidia-graphics-drivers 304.131-1 2017-09-24 Not supported in Debian LTS (non-free) +glassfish 1:2.1.1-b31g-3 2017-09-26 Not supported in Debian LTS +jbossas4 4.2.3.GA-7 2017-10-31 Not supported in Debian LTS +libnet-ping-external-perl 0.13-1 2017-12-21 Not supported in Debian LTS (https://lists.debian.org/debian-lts/2017/12/threads.html#00073) +mp3gain 1.5.2-r2-2+deb7u1 2017-12-21 Not supported in Debian LTS (https://lists.debian.org/debian-lts/2017/12/msg00086.html) +tor 0.2.4.29-1 2017-12-28 Not supported in Debian LTS (https://lists.debian.org/debian-lts/2017/12/msg00004.html) +jasperreports 4.1.3+dfsg-1 2018-01-12 Not supported in Debian LTS (https://lists.debian.org/debian-lts/2017/12/msg00088.html) diff --git a/security-support-ended.deb8 b/security-support-ended.deb8 index 8b8498a..c4e75df 100644 --- a/security-support-ended.deb8 +++ b/security-support-ended.deb8 @@ -19,3 +19,4 @@ sogo 2.2.9+git20141017-1 2017-01-14 https://lists.debia cgiemail 1.6-37 2017-06-02 https://lists.debian.org/debian-announce/2017/msg00002.html owncloud 7.0.4+dfsg-4~deb8u3 2017-06-02 https://lists.debian.org/debian-announce/2017/msg00002.html owncloud-apps 0~~20141022-1 2017-06-02 https://lists.debian.org/debian-announce/2017/msg00002.html +chromium-browser 57.0.2987.98-1~deb8u1 2017-11-07 https://lists.debian.org/debian-security-announce/2017/msg00282.html diff --git a/security-support-limited b/security-support-limited index b7e8d70..a651d73 100644 --- a/security-support-limited +++ b/security-support-limited @@ -20,6 +20,7 @@ ocsinventory-server Only supported behind an authenticated HTTP zone qtwebkit No security support upstream and backports not feasible, only for use on trusted content qtwebkit-opensource-src No security support upstream and backports not feasible, only for use on trusted content sql-ledger Only supported behind an authenticated HTTP zone +swftools Not covered by security support, only suitable for trusted content webkitgtk No security support upstream and backports not feasible, only for use on trusted content wine-gecko-2.21 Not covered by security support, see https://bugs.debian.org/804058 wine-gecko-2.24 Not covered by security support, see https://bugs.debian.org/804058