External check

2016-05-17 Thread Raphael Geissert
CVE-2015-4116: TODO: check
CVE-2016-2803: RESERVED
--
The output might be a bit terse, but the above ids are known elsewhere,
check the references in the tracker. The second part indicates the status
of that id in the tracker at the moment the script was run.



Re: please add icdiff to embedded-code-copies

2016-05-17 Thread Sascha Steinbiss
Hi Paul,

>> as the maintainer, I’d like to let you know the package ‘icdiff’
>> (new in unstable) contains a modified fork of Python’s difflib code.
>> According to upstream, it’s "based on Python's difflib.HtmlDiff, with
>> changes to provide console output instead of HTML output".
> 
> Thanks, committed.

Thanks!

>> icdiff
>> - libpython-stdlib  (modified-embed)
>> NOTE: core functionality based on Python difflib code with changed 
>> output format
> 
> FYI, the format is the other way around and deals with source
> packages. 

Ah, I see. This also makes more sense from a security point of view --
it maps included packages to including packages so fixes can be
propagated downstream. Thanks for making this more clear.

> Also, I think icdiff is more of a fork than modified-embed?

I was reluctant to use 'fork' because its definition as 'a full-blown
fork of another source package' suggested a complete copy of python. But
you have seen many more of these cases and hence I trust you have made
the right call.

Thanks for the hints and best regards
Sascha





Re: please add icdiff to embedded-code-copies

2016-05-17 Thread Paul Wise
On Mon, May 16, 2016 at 5:17 AM, Sascha Steinbiss wrote:

> as the maintainer, I’d like to let you know the package ‘icdiff’ (new in 
> unstable) contains a modified fork of Python’s difflib code. According to 
> upstream, it’s "based on Python's difflib.HtmlDiff, with changes to provide 
> console output instead of HTML output".

Thanks, committed.

> icdiff
> - libpython-stdlib  (modified-embed)
> NOTE: core functionality based on Python difflib code with changed 
> output format

FYI, the format is the other way around and deals with source
packages. Also, I think icdiff is more of a fork than modified-embed?

-- 
bye,
pabs

https://wiki.debian.org/PaulWise



DSA candidates

2016-05-17 Thread Raphael Geissert
asterisk/stable
--
cacti/stable
--
cakephp/stable
--
dhcpcd5/stable
--
dotclear/stable
--
gdm3/stable
--
harfbuzz/stable
--
jq/stable
--
libjackson-json-java/stable
--
libspring-java/stable
--
libuser/stable
--
libvpx/stable
--
mxml/stable
--
nagios3/stable
--
ocaml/stable
--
p7zip/stable
--
php5/stable
--
policykit-1/stable
--
pycurl/stable
--
ruby-eventmachine/stable
--
ruby-jquery-rails/stable
--
ruby-omniauth/stable
--
sogo/stable
--
swift/stable
--
symfony/stable
--
tiff/stable
--
ufraw/stable
--
virtualbox/stable
--
wireshark/stable
--
wpa/stable
--
zabbix/stable
--
--
The above is a list of DSA candidates based on the tracker's information.
One should evaluate the candidates and either add them to dsa-needed.txt
or consider tagging them no-dsa.