Hi Ola, On 11/07/2022 23:24, Ola Lundqvist (@opal) wrote:
Ola Lundqvist pushed to branch master at Debian Security Tracker / security-tracker Commits: 55001d9c by Ola Lundqvist at 2022-07-11T23:23:41+02:00 Wrote a script to bulk add EOL entries for LTS buster. - - - - - b4c0adda by Ola Lundqvist at 2022-07-11T23:23:43+02:00 Bulk added EOL entries for ckeditor3 for LTS buster. - - - - - 141f38d2 by Ola Lundqvist at 2022-07-11T23:23:44+02:00 Bulk added almost 70 EOL entries for gpac in LTS buster. - - - - - a577308d by Ola Lundqvist at 2022-07-11T23:23:45+02:00 Bulk added EOL for 3 CVEs for libspring-java in buster LTS. - - - - - d3c2727d by Ola Lundqvist at 2022-07-11T23:23:46+02:00 Bulk added EOL for 2 CVEs for node-tar in buster LTS. - - - - - 58366339 by Ola Lundqvist at 2022-07-11T23:23:48+02:00 Bulk added EOL for 2 CVEs for node-url-parse in buster LTS. - - - - - 021ec750 by Ola Lundqvist at 2022-07-11T23:23:48+02:00 One correction to the eol bulk add script. Also simplified the output to make it less verbose. - - - - - 22d9f630 by Ola Lundqvist at 2022-07-11T23:23:49+02:00 Bulk added EOL for 12 CVEs for nodejs in buster LTS.
buster is not LTS yet, so all of that triaging seems wrong to me, unless you have cleared that with the security team. If you have not, please revert it as those packages are still supported in buster.
Also, I don't know what you based all of those EOL entries on, but I don't see those packages being EOL in buster. Please start a discussion on the LTS list before doing that. If there's one and I missed it, please point me to it.
Cheers, Emilio