Package: release.debian.org Severity: normal Tags: stretch User: release.debian....@packages.debian.org Usertags: pu
hi, I'd like to update debian-security-support in stretch to 2020.06.21~deb9u1 with the following changes to document the state of security support today: $ debdiff debian-security-support_2019.12.12~deb9u2.dsc debian-security-support_2020.06.21~deb9u1.dsc | diffstat debian/changelog | 38 ++++++++++++++++++++++++++++++++++++++ security-support-ended.deb10 | 1 + security-support-ended.deb8 | 16 ++++++++++++++++ security-support-ended.deb9 | 8 +++++++- security-support-limited | 3 ++- 5 files changed, 64 insertions(+), 2 deletions(-) $ debdiff debian-security-support_2019.12.12~deb9u2.dsc debian-security-support_2020.06.21~deb9u1.dsc dpkg-source: Warnung: unsigniertes Quellpaket wird extrahiert (/home/user/Projects/debian-security-support/debian-security-support_2020.06.21~deb9u1.dsc) diff -Nru debian-security-support-2019.12.12~deb9u2/debian/changelog debian-security-support-2020.06.21~deb9u1/debian/changelog --- debian-security-support-2019.12.12~deb9u2/debian/changelog 2020-01-30 22:04:07.000000000 +0100 +++ debian-security-support-2020.06.21~deb9u1/debian/changelog 2020-07-10 19:58:12.000000000 +0200 @@ -1,3 +1,41 @@ +debian-security-support (2020.06.21~deb9u1) stretch; urgency=medium + + * This update for stretch only contains changes to the files + security-support-limited and security-support-ended.deb(8|9|10) from + version 2020.06.21 from unstable, the changes in detail are: + - from 2020.06.21: + * Add cinder (OpenStack component) to security-support-ended.deb8. + - from 2020.06.11: + * Also add unbound to security-support-ended.deb8 - see DSA 4694-1 + and https://lists.debian.org/debian-lts/2020/06/msg00024.html and + follow-ups. + - from 2020.06.09: + * Add unbound to security-support-ended.deb9 (see DSA 4694-1). + - from 2020.05.22: + * Add pdns-recursor to security-support-ended.deb9 as explained in + DSA-4691-1. + - from 2020.05.08: + * Mark OpenStack packages as being unsupported in LTS; "jessie lost support + from upstream just a few weeks after the release." + - from 2020.04.16: + * Add tor to security-support-ended.deb8 as well, see DSA 4644-1. + * Add libperlspeak-perl to security-support-ended.deb(8|9|10), because of + CVE-2020-10674 (#954238), also see #954297, #954298 and #954299. + - from 2020.03.22: + * Add tor to security-support-ended.deb9, see DSA 4644-1. + - from 2020.03.15: + * security-support-limited/zoneminder: declare limited support behind an + authenticated HTTP zone (see #922724). + - from 2020.03.05: + * Add xen to security-support-ended.deb8. + - from 2020.02.21: + * Add nodejs to security-support-ended.deb8 and .deb9. + - from 2020.01.21: + * Add nethack to security-support-ended.deb8. + * Mark xen as end-of-life for Stretch (DSA 4602-1). + + -- Holger Levsen <hol...@debian.org> Fri, 10 Jul 2020 19:58:12 +0200 + debian-security-support (2019.12.12~deb9u2) stretch-security; urgency=medium * Rebuild for stretch-security. diff -Nru debian-security-support-2019.12.12~deb9u2/security-support-ended.deb10 debian-security-support-2020.06.21~deb9u1/security-support-ended.deb10 --- debian-security-support-2019.12.12~deb9u2/security-support-ended.deb10 2020-01-30 20:57:55.000000000 +0100 +++ debian-security-support-2020.06.21~deb9u1/security-support-ended.deb10 2020-07-10 19:46:36.000000000 +0200 @@ -11,3 +11,4 @@ # In the program's output, this is prefixed with "Details:" # none yet (please remove this line once this is not true anymore) +libperlspeak-perl 2.01-2 2020-04-16 https://bugs.debian.org/954238 (CVE-2020-10674) and https://bugs.debian.org/954297 and 954298 diff -Nru debian-security-support-2019.12.12~deb9u2/security-support-ended.deb8 debian-security-support-2020.06.21~deb9u1/security-support-ended.deb8 --- debian-security-support-2019.12.12~deb9u2/security-support-ended.deb8 2020-01-30 22:04:07.000000000 +0100 +++ debian-security-support-2020.06.21~deb9u1/security-support-ended.deb8 2020-07-10 19:46:36.000000000 +0200 @@ -32,3 +32,19 @@ nasm-mozilla 0 2019-01-01 Only provided as build dependency for Firefox/Thunderbird >= 68 nodejs-mozilla 0 2019-01-01 Only provided as build dependency for Firefox/Thunderbird >= 68 libqb 0.11.1-2 2019-11-15 Leaf package, no upstream support for this version +nethack 3.4.3-15 2019-12-30 https://lists.debian.org/debian-lts/2019/12/msg00062.html +nodejs 0.10.29~dfsg-2 2020-02-20 https://lists.debian.org/debian-lts/2020/02/msg00045.html and https://bugs.debian.org/931376 +xen 4.4.4lts5-0+deb8u1 2020-03-02 https://lists.debian.org/debian-lts/2020/03/msg00020.html +tor 0.2.5.16-1 2020-03-20 https://lists.debian.org/debian-security-announce/2020/msg00047.html +libperlspeak-perl 2.01-2 2020-04-16 https://bugs.debian.org/954238 (CVE-2020-10674) and https://bugs.debian.org/954297 +# Openstack support dropped +cinder 2014.1.3-11+deb8u1 2020-06-19 "Jessie lost support fom upstream just a few weeks after the release." (https://lists.debian.org/debian-lts/2015/11/msg00024.html) +glance 2014.1.3-12+deb8u1 2020-05-08 "Jessie lost support fom upstream just a few weeks after the release." (https://lists.debian.org/debian-lts/2015/11/msg00024.html) +horizon 2014.1.3-7+deb8u2 2020-05-08 "Jessie lost support fom upstream just a few weeks after the release." (https://lists.debian.org/debian-lts/2015/11/msg00024.html) +keystone 2014.1.3-6 2020-05-08 "Jessie lost support fom upstream just a few weeks after the release." (https://lists.debian.org/debian-lts/2015/11/msg00024.html) +nova 2014.1.3-11 2020-05-08 "Jessie lost support fom upstream just a few weeks after the release." (https://lists.debian.org/debian-lts/2015/11/msg00024.html) +python-keystoneclient 1:0.10.1-2+deb8u1 2020-05-08 "Jessie lost support fom upstream just a few weeks after the release." (https://lists.debian.org/debian-lts/2015/11/msg00024.html) +python-novaclient 2:2.18.1-1 2020-05-08 "Jessie lost support fom upstream just a few weeks after the release." (https://lists.debian.org/debian-lts/2015/11/msg00024.html) +swift 2.2.0-1+deb8u1 2020-05-08 "Jessie lost support fom upstream just a few weeks after the release." (https://lists.debian.org/debian-lts/2015/11/msg00024.html) +# End Openstack support dropped +unbound 1.4.22-3+deb8u4 2020-06-11 https://lists.debian.org/debian-lts/2020/06/msg00024.html and followups / DSA-4694-1 diff -Nru debian-security-support-2019.12.12~deb9u2/security-support-ended.deb9 debian-security-support-2020.06.21~deb9u1/security-support-ended.deb9 --- debian-security-support-2019.12.12~deb9u2/security-support-ended.deb9 2020-01-30 22:04:07.000000000 +0100 +++ debian-security-support-2020.06.21~deb9u1/security-support-ended.deb9 2020-07-10 19:46:36.000000000 +0200 @@ -14,4 +14,10 @@ jasperreports 4.1.3+dfsg-3 2017-12-09 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=880467#10 nasm-mozilla 0 2019-01-01 Only provided as build dependency for Firefox/Thunderbird >= 68 nodejs-mozilla 0 2019-01-01 Only provided as build dependency for Firefox/Thunderbird >= 68 -chromium 73.0.3683.75-1~deb9u1 2019-11-10 https://lists.debian.org/debian-security-announce/2019/msg00214.html +chromium 73.0.3683.75-1~deb9u1 2019-11-10 https://lists.debian.org/debian-security-announce/2019/msg00214.html +xen 4.8.5.final+shim4.10.4-1+deb9u12 2020-01-13 https://lists.debian.org/debian-security-announce/2020/msg00005.html +nodejs 0.10.29~dfsg-2 2020-02-20 https://lists.debian.org/debian-lts/2020/02/msg00045.html and https://bugs.debian.org/931376 +tor 0.2.9.16-1 2020-03-20 https://lists.debian.org/debian-security-announce/2020/msg00047.html +libperlspeak-perl 2.01-2 2020-04-16 https://bugs.debian.org/954238 (CVE-2020-10674) and https://bugs.debian.org/954297 and 954299 +pdns-recursor 4.0.4-1+deb9u4 2020-05-21 https://www.debian.org/security/2020/dsa-4691 +unbound 1.6.0-3+deb9u2 2020-05-26 https://lists.debian.org/debian-security-announce/2020/msg00098.html diff -Nru debian-security-support-2019.12.12~deb9u2/security-support-limited debian-security-support-2020.06.21~deb9u1/security-support-limited --- debian-security-support-2019.12.12~deb9u2/security-support-limited 2020-01-30 22:04:07.000000000 +0100 +++ debian-security-support-2020.06.21~deb9u1/security-support-limited 2020-07-10 19:46:36.000000000 +0200 @@ -7,7 +7,7 @@ # In the program's output, this is prefixed with "Details:" adns Stub resolver that should only be used with trusted recursors -binutils Not covered by security support +binutils Only suitable for trusted content; see https://lists.debian.org/msgid-search/87lfqsomtg....@mid.deneb.enyo.de ganglia See README.Debian.security, only supported behind an authenticated HTTP zone, #702775 ganglia-web See README.Debian.security, only supported behind an authenticated HTTP zone, #702776 glpi Only supported behind an authenticated HTTP zone for trusted users @@ -28,3 +28,4 @@ webkitgtk No security support upstream and backports not feasible, only for use on trusted content wine-gecko-2.21 Not covered by security support, see https://bugs.debian.org/804058 wine-gecko-2.24 Not covered by security support, see https://bugs.debian.org/804058 +zoneminder See README.Debian.security, only supported behind an authenticated HTTP zone, #922724 Thanks for the work on point releases! -- cheers, Holger ------------------------------------------------------------------------------- holger@(debian|reproducible-builds|layer-acht).org PGP fingerprint: B8BF 5413 7B09 D35C F026 FE9D 091A B856 069A AA1C In Europe there are people prosecuted by courts because they saved other people from drowning in the Mediterranean Sea. That is almost as absurd as if there were people being prosecuted because they save humans from drowning in the sea.
signature.asc
Description: PGP signature