External check

2020-01-10 Thread Security Tracker 
CVE-2019-9423: TODO: check
--
The output might be a bit terse, but the above ids are known elsewhere,
check the references in the tracker. The second part indicates the status
of that id in the tracker at the moment the script was run.

Bug#948634: debian-security-support: please elaborate on binutils' status

2020-01-10 Thread Daniel Shahaf 
Package: debian-security-support
Version: 2019.06.13
Severity: important
Tags: patch
Control: affects -1 binutils

Dear Maintainer,

Now that binutils has limited security support, please elaborate on its
status.  Suggested patch (against current git):

--- a/security-support-limited
+++ b/security-support-limited
@@ -7,7 +7,7 @@
 #In the program's output, this is prefixed with "Details:"
 
 adnsStub resolver that should only be used with trusted recursors
-binutilsNot covered by security support
+binutilsOnly suitable for trusted content; see 
https://lists.debian.org/msgid-search/87lfqsomtg@mid.deneb.enyo.de
 ganglia See README.Debian.security, only supported behind an 
authenticated HTTP zone, #702775
 ganglia-web See README.Debian.security, only supported behind an 
authenticated HTTP zone, #702776
 glpiOnly supported behind an authenticated HTTP zone for trusted 
users

@Florian That linked message is yours; any objections from you?

Thanks,

Daniel

P.S. Priority "important" since binutils' rdeps include dpkg-dev, gcc,
and clang, so I assume this is quite visible.