[Git][security-tracker-team/security-tracker][master] semi-automatic unclaim after 2 weeks of inactivity
Jeremiah C. Foster pushed to branch master at Debian Security Tracker / security-tracker Commits: 63d58345 by Jeremiah C. Foster at 2022-05-16T22:26:44-04:00 semi-automatic unclaim after 2 weeks of inactivity Signed-off-by: Jeremiah C. Foster jerem...@jeremiahfoster.com - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = @@ -33,7 +33,7 @@ asterisk (Abhijith PA) cgal NOTE: 20220421: many no-dsa issues, please check, whether it is possible to fix them without uploading a new upstream release (Anton) -- -ckeditor (Sylvain Beucler) +ckeditor NOTE: 20220402: multiple pendings vulnerabilities (Beuc) -- clamav (Emilio) @@ -62,7 +62,7 @@ gerbv golang-go.crypto NOTE: 20220331: rebuild reverse-dependencies if needed, e.g. DLA-2402-1 -> DLA-2453-1/DLA-2454-1/DLA-2455-1; also check buster status (Beuc) -- -gpac (Roberto C. Sánchez) +gpac NOTE: 20211101: coordinating with secteam for s-p-u since stretch/buster versions match (roberto) NOTE: 20211120: received OK from secteam for buster update, working on stretch/buster in parallel (roberto) NOTE: 20211228: Returning to active work on this now that llvm/rustc update is complete (roberto) @@ -70,7 +70,7 @@ gpac (Roberto C. Sánchez) NOTE: 20220413: New CVEs continue flooding in (roberto) NOTE: 20220427: Preparing to work with security team to declare EOL (roberto) -- -icingaweb2 (Abhijith PA) +icingaweb2 NOTE: https://people.debian.org/~abhijith/upload/mruby/icingaweb2_2.4.1-1+deb9u2.dsc (abhijith) -- intel-microcode (Stefano Rivera) @@ -86,7 +86,7 @@ liblouis NOTE: 20220503: CVE-2022-26981 patch applied in salsa lts-team repo, NOTE: 20220503: Patch not applied upstream yet. -- -libpgjava (Markus Koschany) +libpgjava -- libvirt (Thorsten Alteholz) NOTE: 20220508: testing package @@ -177,7 +177,7 @@ sox NOTE: 20220326: https://salsa.debian.org/lts-team/packages/sox NOTE: 20220326: fix for CVE-2021-40426 is not yet available (Anton) -- -subversion (Roberto C. Sánchez) +subversion NOTE: 20220422: Upstream's patch for CVE-2021-28544 does not cleanly apply (eg. "copyfrom_path = apr_pstrdup(...)" assignment) NOTE: 20220422: and, once applied manually, appears to break multiple and possibly unrelated parts of the testsuite. (lamby) NOTE: 20220501: Done some analysis, worked on a patch, cannot find a way to test it, mailed results to Roberto C. Sánchez (enrico) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/63d58345a20951f0419a2fbfa3617181eda0ae84 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/63d58345a20951f0419a2fbfa3617181eda0ae84 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] semi-automatic unclaim after 2 weeks of inactivity
Jeremiah C. Foster pushed to branch master at Debian Security Tracker / security-tracker Commits: 6a295f37 by Jeremiah C. Foster at 2022-05-02T22:21:18-04:00 semi-automatic unclaim after 2 weeks of inactivity Signed-off-by: Jeremiah C. Foster jerem...@jeremiahfoster.com - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = @@ -42,7 +42,7 @@ composer: (Markus Koschany) NOTE: 20220424: programming language PHP NOTE: 20220424: check whether really affected (Anton) -- -debian-security-support (Utkarsh) +debian-security-support NOTE: 20220402: need to update the list of unsupported packages (Beuc) NOTE: 20220402: check debian/README.source, sync with h01ger, and announce EOL'd packages (Beuc) NOTE: 20220402: context: https://lists.debian.org/debian-lts/2022/04/msg0.html (Beuc) @@ -100,7 +100,7 @@ linux-4.19 (Ben Hutchings) mariadb-10.1 NOTE: 20220222: Can be risky. Please consider backporting mariadb-10.3. See discussion https://lists.debian.org/debian-lts/2022/02/msg5.html and coordinate with maintainer (Anton) -- -mbedtls (Utkarsh) +mbedtls NOTE: 20220404: update prepared, needs testing. (utkarsh) NOTE: 20220419: waiting for a quick feedback from carnil. (utkarsh) -- @@ -163,7 +163,7 @@ subversion (Roberto C. Sánchez) NOTE: 20220422: and, once applied manually, appears to break multiple and possibly unrelated parts of the testsuite. (lamby) NOTE: 20220501: Done some analysis, worked on a patch, cannot find a way to test it, mailed results to Roberto C. Sánchez (enrico) -- -tiff (Utkarsh) +tiff NOTE: 20220404: jessie upload at https://salsa.debian.org/lts-team/packages/tiff. NOTE: 20220404: if that works out well, I'll roll the same for stretch. (utkarsh) NOTE: 20220419: new CVE reported; waiting to see if there are more. (utkarsh) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6a295f373c45c3b0edf3b652bcbf44786928cb2a -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6a295f373c45c3b0edf3b652bcbf44786928cb2a You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] semi-automatic unclaim after 2 weeks of inactivity
Jeremiah C. Foster pushed to branch master at Debian Security Tracker / security-tracker Commits: 23a281b6 by Jeremiah C. Foster at 2022-04-27T11:16:17-04:00 semi-automatic unclaim after 2 weeks of inactivity Signed-off-by: Jeremiah C. Foster jerem...@jeremiahfoster.com - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = @@ -111,7 +111,7 @@ mbedtls (Utkarsh) NOTE: 20220404: update prepared, needs testing. (utkarsh) NOTE: 20220419: waiting for a quick feedback from carnil. (utkarsh) -- -mitmproxy (Abhijith PA) +mitmproxy -- mruby -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/23a281b6acdcbf93848785283cc454d112a3b551 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/23a281b6acdcbf93848785283cc454d112a3b551 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] semi-automatic unclaim after 2 weeks of inactivity
Jeremiah C. Foster pushed to branch master at Debian Security Tracker / security-tracker Commits: d9947f82 by Jeremiah C. Foster at 2022-04-13T21:08:45-04:00 semi-automatic unclaim after 2 weeks of inactivity Signed-off-by: Jeremiah C. Foster jerem...@jeremiahfoster.com - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = @@ -53,13 +53,13 @@ golang-1.8 golang-go.crypto NOTE: 20220331: rebuild reverse-dependencies if needed, e.g. DLA-2402-1 -> DLA-2453-1/DLA-2454-1/DLA-2455-1; also check buster status (Beuc) -- -gpac (Roberto C. Sánchez) +gpac NOTE: 20211101: coordinating with secteam for s-p-u since stretch/buster versions match (roberto) NOTE: 20211120: received OK from secteam for buster update, working on stretch/buster in parallel (roberto) NOTE: 20211228: Returning to active work on this now that llvm/rustc update is complete (roberto) NOTE: 20220305: There are many dozens of open CVEs, it will take a while yet (roberto) -- -icingaweb2 (Abhijith PA) +icingaweb2 -- intel-microcode NOTE: 20220213: please recheck View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d9947f82881390eb7a7851fe425c79d391f14541 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d9947f82881390eb7a7851fe425c79d391f14541 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] semi-automatic unclaim after 2 weeks of inactivity
Jeremiah C. Foster pushed to branch master at Debian Security Tracker / security-tracker Commits: 1561c1c2 by Jeremiah C. Foster at 2022-04-04T19:50:45-04:00 semi-automatic unclaim after 2 weeks of inactivity Signed-off-by: Jeremiah C. Foster jerem...@jeremiahfoster.com - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = @@ -13,7 +13,7 @@ To make it easier to see the entire history of an update, please append notes rather than remove/replace existing ones. -- -abcm2ps (Anton) +abcm2ps -- ansible NOTE: 20210411: As discussed with the maintainer I will update Buster first and @@ -80,7 +80,7 @@ libpgjava -- libvirt (Thorsten Alteholz) -- -libxml2 (Anton) +libxml2 -- libz-mingw-w64 NOTE: 20220231: upcoming DSA (Beuc) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1561c1c25f5fff239a4f477b249f5bdba2e56952 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1561c1c25f5fff239a4f477b249f5bdba2e56952 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] semi-automatic unclaim after 2 weeks of inactivity
Jeremiah C. Foster pushed to branch master at Debian Security Tracker / security-tracker Commits: e6377a3e by Jeremiah C. Foster at 2022-03-21T20:58:58-04:00 semi-automatic unclaim after 2 weeks of inactivity Signed-off-by: Jeremiah C. Foster jerem...@jeremiahfoster.com - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = @@ -32,7 +32,7 @@ cacti (Sylvain Beucler) -- condor -- -firmware-nonfree (Markus Koschany) +firmware-nonfree NOTE: 20210731: WIP: https://salsa.debian.org/lts-team/packages/firmware-nonfree NOTE: 20210828: Most CVEs are difficult to backport. Contacted Ben regarding possible "ignore" tag NOTE: 20211207: Intend to release this week. @@ -42,7 +42,7 @@ gerbv (Anton) -- golang-go.crypto -- -gpac (Roberto C. Sánchez) +gpac NOTE: 20211101: coordinating with secteam for s-p-u since stretch/buster versions match (roberto) NOTE: 20211120: received OK from secteam for buster update, working on stretch/buster in parallel (roberto) NOTE: 20211228: Returning to active work on this now that llvm/rustc update is complete (roberto) @@ -131,7 +131,7 @@ waitress NOTE: 20220320: instead. Someone with more Python knowledge should take another look NOTE: 20220320: at it. (apo) -- -wireshark (Markus Koschany) +wireshark -- zabbix -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e6377a3e2bd9f60269377d1f83161ba50779871d -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e6377a3e2bd9f60269377d1f83161ba50779871d You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] semi-automatic unclaim after 2 weeks of inactivity
Jeremiah C. Foster pushed to branch master at Debian Security Tracker / security-tracker Commits: 1dc304de by Jeremiah C. Foster at 2022-03-14T17:19:48-04:00 semi-automatic unclaim after 2 weeks of inactivity Signed-off-by: Jeremiah C. Foster jerem...@jeremiahfoster.com - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = @@ -41,7 +41,7 @@ intel-microcode -- kicad -- -libarchive (Thorsten Alteholz) +libarchive NOTE: 20220225: fix seems to be incomplete -- libreoffice (Anton) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1dc304dee50672f7eef89858a7118fd5899b -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1dc304dee50672f7eef89858a7118fd5899b You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] semi-automatic unclaim after 2 weeks of inactivity
Jeremiah C. Foster pushed to branch master at Debian Security Tracker / security-tracker Commits: 852a3692 by Jeremiah C. Foster at 2022-03-01T23:57:24-05:00 semi-automatic unclaim after 2 weeks of inactivity Signed-off-by: Jeremiah C. Foster jerem...@jeremiahfoster.com - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = @@ -49,7 +49,7 @@ gif2apng (Anton) NOTE: 20220221: WIP (Anton) NOTE: 20220221: CVE-2021-45909 is fixed. (Anton) -- -gpac (Roberto C. Sánchez) +gpac NOTE: 20211101: coordinating with secteam for s-p-u since stretch/buster versions match (roberto) NOTE: 20211120: received OK from secteam for buster update, working on stretch/buster in parallel (roberto) NOTE: 20211228: Returning to active work on this now that llvm/rustc update is complete (roberto) @@ -79,7 +79,7 @@ nvidia-graphics-drivers NOTE: 20220209: monitor nvidia-graphics-drivers-legacy-390xx for a potential NOTE: 20220209: backport (apo) -- -pjproject (Abhijith PA) +pjproject NOTE: 20211230: patch available for the no-dsa issue, check its NOTE (pochu) NOTE: 20220215: Asterisk and ring have embedded copy of pjproject (abhijith) -- @@ -91,7 +91,7 @@ samba NOTE: 20220110: fix applied, but will need a second opinion. (utkarsh) NOTE: 20220125: ftbfs, wip. (utkarsh) -- -tiff (Thorsten Alteholz) +tiff -- vim (Markus) -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/852a36924cdf87f58ef8ec739c3a3fd7e7ef771c -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/852a36924cdf87f58ef8ec739c3a3fd7e7ef771c You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] semi-automatic unclaim after 2 weeks of inactivity
Jeremiah C. Foster pushed to branch master at Debian Security Tracker / security-tracker Commits: 40ff50a2 by Jeremiah C. Foster at 2022-02-21T22:24:15-05:00 semi-automatic unclaim after 2 weeks of inactivity Signed-off-by: Jeremiah C. Foster jerem...@jeremiahfoster.com - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = @@ -30,7 +30,7 @@ debian-archive-keyring (Anton) expat (Emilio) NOTE: 20220221: please wait for DSA first. (Anton) -- -firmware-nonfree (Markus Koschany) +firmware-nonfree NOTE: 20210731: WIP: https://salsa.debian.org/lts-team/packages/firmware-nonfree NOTE: 20210828: Most CVEs are difficult to backport. Contacted Ben regarding possible "ignore" tag NOTE: 20211207: Intend to release this week. @@ -88,5 +88,5 @@ ujson (Anton) NOTE: 20220206: https://salsa.debian.org/lts-team/packages/ujson Investigating, whether affected or not (Anton) NOTE: 20220221: WIP (Anton) -- -vim (Markus Koschany) +vim -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/40ff50a2e88f2d4896fa348c490367dfd83b6116 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/40ff50a2e88f2d4896fa348c490367dfd83b6116 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] semi-automatic unclaim after 2 weeks of inactivity
Jeremiah C. Foster pushed to branch master at Debian Security Tracker / security-tracker Commits: e34a6f37 by Jeremiah C. Foster at 2022-02-14T23:37:19-05:00 semi-automatic unclaim after 2 weeks of inactivity Signed-off-by: Jeremiah C. Foster jerem...@jeremiahfoster.com - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = @@ -63,7 +63,7 @@ nvidia-graphics-drivers NOTE: 20220209: monitor nvidia-graphics-drivers-legacy-390xx for a potential NOTE: 20220209: backport (apo) -- -pjproject (Abhijith PA) +pjproject NOTE: 20211230: patch available for the no-dsa issue, check its NOTE (pochu) -- samba View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e34a6f37300755e636ef81f02ccaa769433b3c9c -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e34a6f37300755e636ef81f02ccaa769433b3c9c You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] semi-automatic unclaim after 2 weeks of inactivity
Jeremiah C. Foster pushed to branch master at Debian Security Tracker / security-tracker Commits: 20910de2 by Jeremiah C. Foster at 2022-02-07T14:47:06-05:00 semi-automatic unclaim after 2 weeks of inactivity Signed-off-by: Jeremiah C. Foster jerem...@jeremiahfoster.com - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = @@ -47,7 +47,7 @@ gif2apng (Anton) NOTE: 20220114: orphaned package with inactive upstream, maybe coordinate with Debian QA to write our own patches (Beuc) NOTE: 20220114: CVEs unrelated to apng2gif's (Beuc) -- -gpac (Roberto C. Sánchez) +gpac NOTE: 20211101: coordinating with secteam for s-p-u since stretch/buster versions match (roberto) NOTE: 20211120: received OK from secteam for buster update, working on stretch/buster in parallel (roberto) NOTE: 20211228: Returning to active work on this now that llvm/rustc update is complete (roberto) @@ -56,7 +56,7 @@ libarchive (Thorsten Alteholz) NOTE: 20220116: waiting for upload in higher releases NOTE: 20220130: new CVEs arrived -- -libgit2 (Utkarsh) +libgit2 NOTE: 20220125: got clearance. will upload this week. (utkarsh) -- linux (Ben Hutchings) @@ -79,7 +79,7 @@ python2.7 (Anton) NOTE: 20220112: 3 postponed CVEs (Beuc) NOTE: 20220206: WIP https://salsa.debian.org/lts-team/packages/python2.7/ (Anton) -- -samba (Utkarsh Gupta) +samba NOTE: 20211128: WIP https://salsa.debian.org/lts-team/packages/samba/ NOTE: 20211212: Fix is too large, coordination with ELTS-upload (anton) NOTE: 20220110: fix applied, but will need a second opinion. (utkarsh) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/20910de25d3041c5361cea0567a3cdbbd1ceb0e9 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/20910de25d3041c5361cea0567a3cdbbd1ceb0e9 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] semi-automatic unclaim after 2 weeks of inactivity
Jeremiah C. Foster pushed to branch master at Debian Security Tracker / security-tracker Commits: be20 by Jeremiah C. Foster at 2022-01-31T21:27:53-05:00 semi-automatic unclaim after 2 weeks of inactivity Signed-off-by: Jeremiah C. Foster jerem...@jeremiahfoster.com - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = @@ -101,7 +101,7 @@ varnish NOTE: 20220130: also fix no-dsa issues. (utkarsh) NOTE: 20220130: VRB_Ignore function is very different from what's in the patch. (utkarsh) -- -vim (Emilio) +vim -- wpa (Markus Koschany) NOTE: 20220124: CVE-2018-9495 has been applied View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/be209e58d9bbc1cc69d84a1f8a1548c5ebe7 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/be209e58d9bbc1cc69d84a1f8a1548c5ebe7 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] 2 commits: semi-automatic unclaim after 2 weeks of inactivity
Jeremiah C. Foster pushed to branch master at Debian Security Tracker / security-tracker Commits: 4e1f2913 by Jeremiah C. Foster at 2022-01-24T15:06:34-05:00 semi-automatic unclaim after 2 weeks of inactivity Signed-off-by: Jeremiah C. Foster jerem...@jeremiahfoster.com - - - - - 902f5bd7 by Jeremiah C. Foster at 2022-01-24T15:17:24-05:00 Merge branch master of salsa.debian.org:security-tracker-team/security-tracker - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = @@ -80,7 +80,7 @@ nss (Emilio) -- openjdk-8 (Emilio) -- -pgbouncer (Christoph Berg) +pgbouncer NOTE: 20220104: maintainer might want to upload fixed version -- pjproject View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/297750265b1ed26557b3032b42675c0d3623d876...902f5bd782761bc49ccf4bc613a33fed58017096 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/297750265b1ed26557b3032b42675c0d3623d876...902f5bd782761bc49ccf4bc613a33fed58017096 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] semi-automatic unclaim after 2 weeks of inactivity
Jeremiah C. Foster pushed to branch master at Debian Security Tracker / security-tracker Commits: aac050f9 by Jeremiah C. Foster at 2022-01-17T21:03:17-05:00 semi-automatic unclaim after 2 weeks of inactivity Signed-off-by: Jeremiah C. Foster jerem...@jeremiahfoster.com - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = @@ -13,7 +13,7 @@ To make it easier to see the entire history of an update, please append notes rather than remove/replace existing ones. -- -ansible (Lee Garrett) +ansible NOTE: 20210411: As discussed with the maintainer I will update Buster first and NOTE: 20210411: after that LTS. (apo) NOTE: 20210426: https://people.debian.org/~apo/lts/ansible/ @@ -36,7 +36,7 @@ debian-archive-keyring -- expat (Markus Koschany) -- -firmware-nonfree (Markus Koschany) +firmware-nonfree NOTE: 20210731: WIP: https://salsa.debian.org/lts-team/packages/firmware-nonfree NOTE: 20210828: Most CVEs are difficult to backport. Contacted Ben regarding possible "ignore" tag NOTE: 20211207: Intend to release this week. @@ -54,7 +54,7 @@ golang-1.7 (Sylvain Beucler) golang-1.8 (Sylvain Beucler) NOTE: 20220114: harmonize with bullseye-11.2 (CVE-2021-36221 CVE-2021-39293 CVE-2021-41771 CVE-2021-44716 CVE-2021-44717) (Beuc) -- -gpac (Roberto C. Sánchez) +gpac NOTE: 20211101: coordinating with secteam for s-p-u since stretch/buster versions match (roberto) NOTE: 20211120: received OK from secteam for buster update, working on stretch/buster in parallel (roberto) NOTE: 20211228: Returning to active work on this now that llvm/rustc update is complete (roberto) @@ -90,7 +90,7 @@ linux (Ben Hutchings) -- linux-4.19 (Ben Hutchings) -- -nvidia-graphics-drivers (Markus Koschany) +nvidia-graphics-drivers NOTE: package is in non-free but also in packages-to-support NOTE: only CVE‑2021‑1076 seems to be fixed in the R390 branch used in Stretch, no fix available for CVE-2021-1077 NOTE: 20211108: nvidia-graphics-drivers-legacy-390xx 390.144-1 in buster/bullseye/bookworm View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/aac050f99b03cf57c1551a1e95aecc01589d9528 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/aac050f99b03cf57c1551a1e95aecc01589d9528 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] 2 commits: Update LTS FD-file for 2022
Jeremiah C. Foster pushed to branch master at Debian Security Tracker / security-tracker Commits: b9650df6 by Anton Gladky at 2022-01-05T21:08:27+00:00 Update LTS FD-file for 2022 - - - - - 37e0e912 by Jeremiah C. Foster at 2022-01-05T21:08:27+00:00 Merge branch update_lts_file into master Update LTS FD-file for 2022 See merge request security-tracker-team/security-tracker!98 - - - - - 1 changed file: - org/lts-frontdesk.2022.txt Changes: = org/lts-frontdesk.2022.txt = @@ -15,51 +15,51 @@ From 03-01 to 09-01:Chris Lamb From 10-01 to 16-01:Sylvain Beucler From 17-01 to 23-01:Thorsten Alteholz From 24-01 to 30-01:Utkarsh Gupta -From 31-01 to 06-02:Chris Lamb -From 07-02 to 13-02:Chris Lamb -From 14-02 to 20-02:Emilio Pozuelo Monfort -From 21-02 to 27-02:Markus Koschany -From 28-02 to 06-03:Sylvain Beucler -From 07-03 to 13-03:Thorsten Alteholz -From 14-03 to 20-03:Utkarsh Gupta -From 21-03 to 27-03:Chris Lamb -From 28-03 to 03-04:Emilio Pozuelo Monfort -From 04-04 to 10-04:Markus Koschany -From 11-04 to 17-04:Sylvain Beucler -From 18-04 to 24-04:Thorsten Alteholz -From 25-04 to 01-05:Utkarsh Gupta -From 02-05 to 08-05:Chris Lamb -From 09-05 to 15-05:Emilio Pozuelo Monfort -From 16-05 to 22-05:Markus Koschany +From 31-01 to 06-02:Sylvain Beucler +From 07-02 to 13-02:Thorsten Alteholz +From 14-02 to 20-02:Utkarsh Gupta +From 21-02 to 27-02:Anton Gladky +From 28-02 to 06-03:Chris Lamb +From 07-03 to 13-03:Emilio Pozuelo Monfort +From 14-03 to 20-03:Markus Koschany +From 21-03 to 27-03:Ola Lundqvist +From 28-03 to 03-04:Sylvain Beucler +From 04-04 to 10-04:Thorsten Alteholz +From 11-04 to 17-04:Utkarsh Gupta +From 18-04 to 24-04:Anton Gladky +From 25-04 to 01-05:Chris Lamb +From 02-05 to 08-05:Emilio Pozuelo Monfort +From 09-05 to 15-05:Markus Koschany +From 16-05 to 22-05:Ola Lundqvist From 23-05 to 29-05:Sylvain Beucler From 30-05 to 05-06:Thorsten Alteholz From 06-06 to 12-06:Utkarsh Gupta -From 13-06 to 19-06:Chris Lamb -From 20-06 to 26-06:Emilio Pozuelo Monfort -From 27-06 to 03-07:Markus Koschany -From 04-07 to 10-07:Sylvain Beucler -From 11-07 to 17-07:Thorsten Alteholz -From 18-07 to 24-07:Utkarsh Gupta -From 25-07 to 31-07:Chris Lamb -From 01-08 to 07-08:Emilio Pozuelo Monfort -From 08-08 to 14-08:Markus Koschany -From 15-08 to 21-08:Sylvain Beucler -From 22-08 to 28-08:Thorsten Alteholz -From 29-08 to 04-09:Utkarsh Gupta -From 05-09 to 11-09:Chris Lamb -From 12-09 to 18-09:Emilio Pozuelo Monfort -From 19-09 to 25-09:Markus Koschany -From 26-09 to 02-10:Sylvain Beucler -From 03-10 to 09-10:Thorsten Alteholz -From 10-10 to 16-10:Utkarsh Gupta -From 17-10 to 23-10:Chris Lamb -From 24-10 to 30-10:Emilio Pozuelo Monfort -From 31-10 to 06-11:Markus Koschany -From 07-11 to 13-11:Sylvain Beucler -From 14-11 to 20-11:Thorsten Alteholz -From 21-11 to 27-11:Utkarsh Gupta -From 28-11 to 04-12:Chris Lamb -From 05-12 to 11-12:Emilio Pozuelo Monfort -From 12-12 to 18-12:Markus Koschany -From 19-12 to 25-12:Sylvain Beucler -From 26-12 to 01-01:Thorsten Alteholz +From 13-06 to 19-06:Anton Gladky +From 20-06 to 26-06:Chris Lamb +From 27-06 to 03-07:Emilio Pozuelo Monfort +From 04-07 to 10-07: +From 11-07 to 17-07: +From 18-07 to 24-07: +From 25-07 to 31-07: +From 01-08 to 07-08: +From 08-08 to 14-08: +From 15-08 to 21-08: +From 22-08 to 28-08: +From 29-08 to 04-09: +From 05-09 to 11-09: +From 12-09 to 18-09: +From 19-09 to 25-09: +From 26-09 to 02-10: +From 03-10 to 09-10: +From 10-10 to 16-10: +From 17-10 to 23-10: +From 24-10 to 30-10: +From 31-10 to 06-11: +From 07-11 to 13-11: +From 14-11 to 20-11: +From 21-11 to 27-11: +From 28-11 to 04-12: +From 05-12 to 11-12: +From 12-12 to 18-12: +From 19-12 to 25-12: +From 26-12 to 01-01: \ No newline at end of file View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/4e7912d92cc7c21e311ab276a52865caeac18317...37e0e912a8e29701fb574b3a6c31c5c5d7d624a3 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/4e7912d92cc7c21e311ab276a52865caeac18317...37e0e912a8e29701fb574b3a6c31c5c5d7d624a3 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] New front desk file for 2022 based on new dispatch logic.
Jeremiah C. Foster pushed to branch master at Debian Security Tracker / security-tracker Commits: c55791fe by Jeremiah C. Foster at 2022-01-04T22:23:57-05:00 New front desk file for 2022 based on new dispatch logic. - - - - - 1 changed file: - org/lts-frontdesk.2022.txt Changes: = org/lts-frontdesk.2022.txt = @@ -16,50 +16,50 @@ From 10-01 to 16-01:Sylvain Beucler From 17-01 to 23-01:Thorsten Alteholz From 24-01 to 30-01:Utkarsh Gupta From 31-01 to 06-02:Chris Lamb -From 07-02 to 13-02:Thorsten Alteholz -From 14-02 to 20-02:Utkarsh Gupta -From 21-02 to 27-02:Emilio Pozuelo Monfort +From 07-02 to 13-02:Chris Lamb +From 14-02 to 20-02:Emilio Pozuelo Monfort +From 21-02 to 27-02:Markus Koschany From 28-02 to 06-03:Sylvain Beucler -From 07-03 to 13-03:Chris Lamb -From 14-03 to 20-03:Chris Lamb -From 21-03 to 27-03:Utkarsh Gupta -From 28-03 to 03-04:Anton Gladky -From 04-04 to 10-04:Thorsten Alteholz -From 11-04 to 17-04:Thorsten Alteholz +From 07-03 to 13-03:Thorsten Alteholz +From 14-03 to 20-03:Utkarsh Gupta +From 21-03 to 27-03:Chris Lamb +From 28-03 to 03-04:Emilio Pozuelo Monfort +From 04-04 to 10-04:Markus Koschany +From 11-04 to 17-04:Sylvain Beucler From 18-04 to 24-04:Thorsten Alteholz -From 25-04 to 01-05:Emilio Pozuelo Monfort +From 25-04 to 01-05:Utkarsh Gupta From 02-05 to 08-05:Chris Lamb -From 09-05 to 15-05:Ola Lundqvist -From 16-05 to 22-05:Sylvain Beucler -From 23-05 to 29-05:Anton Gladky -From 30-05 to 05-06:Ola Lundqvist -From 06-06 to 12-06:Ola Lundqvist -From 13-06 to 19-06:Thorsten Alteholz -From 20-06 to 26-06:Ola Lundqvist -From 27-06 to 03-07:Anton Gladky -From 04-07 to 10-07:Ola Lundqvist -From 11-07 to 17-07:Emilio Pozuelo Monfort -From 18-07 to 24-07:Emilio Pozuelo Monfort +From 09-05 to 15-05:Emilio Pozuelo Monfort +From 16-05 to 22-05:Markus Koschany +From 23-05 to 29-05:Sylvain Beucler +From 30-05 to 05-06:Thorsten Alteholz +From 06-06 to 12-06:Utkarsh Gupta +From 13-06 to 19-06:Chris Lamb +From 20-06 to 26-06:Emilio Pozuelo Monfort +From 27-06 to 03-07:Markus Koschany +From 04-07 to 10-07:Sylvain Beucler +From 11-07 to 17-07:Thorsten Alteholz +From 18-07 to 24-07:Utkarsh Gupta From 25-07 to 31-07:Chris Lamb -From 01-08 to 07-08:Ola Lundqvist -From 08-08 to 14-08:Emilio Pozuelo Monfort +From 01-08 to 07-08:Emilio Pozuelo Monfort +From 08-08 to 14-08:Markus Koschany From 15-08 to 21-08:Sylvain Beucler -From 22-08 to 28-08:Emilio Pozuelo Monfort -From 29-08 to 04-09:Anton Gladky -From 05-09 to 11-09:Anton Gladky -From 12-09 to 18-09:Sylvain Beucler -From 19-09 to 25-09:Anton Gladky +From 22-08 to 28-08:Thorsten Alteholz +From 29-08 to 04-09:Utkarsh Gupta +From 05-09 to 11-09:Chris Lamb +From 12-09 to 18-09:Emilio Pozuelo Monfort +From 19-09 to 25-09:Markus Koschany From 26-09 to 02-10:Sylvain Beucler -From 03-10 to 09-10:Utkarsh Gupta -From 10-10 to 16-10:Ola Lundqvist -From 17-10 to 23-10:Anton Gladky -From 24-10 to 30-10:Ola Lundqvist -From 31-10 to 06-11:Chris Lamb -From 07-11 to 13-11:Chris Lamb -From 14-11 to 20-11:Emilio Pozuelo Monfort +From 03-10 to 09-10:Thorsten Alteholz +From 10-10 to 16-10:Utkarsh Gupta +From 17-10 to 23-10:Chris Lamb +From 24-10 to 30-10:Emilio Pozuelo Monfort +From 31-10 to 06-11:Markus Koschany +From 07-11 to 13-11:Sylvain Beucler +From 14-11 to 20-11:Thorsten Alteholz From 21-11 to 27-11:Utkarsh Gupta -From 28-11 to 04-12:Utkarsh Gupta -From 05-12 to 11-12:Anton Gladky -From 12-12 to 18-12:Thorsten Alteholz -From 19-12 to 25-12:Thorsten Alteholz -From 26-12 to 01-01:Anton Gladky +From 28-11 to 04-12:Chris Lamb +From 05-12 to 11-12:Emilio Pozuelo Monfort +From 12-12 to 18-12:Markus Koschany +From 19-12 to 25-12:Sylvain Beucler +From 26-12 to 01-01:Thorsten Alteholz View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c55791fe39512633d4f91aced1070b9c22d13a81 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c55791fe39512633d4f91aced1070b9c22d13a81 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] semi-automatic unclaim after 2 weeks of inactivity
Jeremiah C. Foster pushed to branch master at Debian Security Tracker / security-tracker Commits: 10f94880 by Jeremiah C. Foster at 2022-01-03T19:13:45-05:00 semi-automatic unclaim after 2 weeks of inactivity Signed-off-by: Jeremiah C. Foster jerem...@jeremiahfoster.com - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = @@ -81,7 +81,7 @@ nvidia-graphics-drivers (Markus Koschany) NOTE: 20211108: now fixes all 5 CVEs (bunk) NOTE: 20211229: https://people.debian.org/~apo/lts/nvidia-graphics-drivers/ -- -pgbouncer (Christoph Berg) +pgbouncer NOTE: 20211220: maintainer might want to upload fixed version -- php-nette (Utkarsh) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/10f94880677751472fa9afa1c1270fb678700196 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/10f94880677751472fa9afa1c1270fb678700196 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] 2 commits: Updating Front Desk file for 2022.
Jeremiah C. Foster pushed to branch master at Debian Security Tracker / security-tracker Commits: 3f5b59b3 by Jeremiah C. Foster at 2022-01-03T01:48:20-05:00 Updating Front Desk file for 2022. - - - - - e54e854a by Jeremiah C. Foster at 2022-01-03T08:53:46-05:00 Merge branch master of salsa.debian.org:security-tracker-team/security-tracker - - - - - 1 changed file: - org/lts-frontdesk.2022.txt Changes: = org/lts-frontdesk.2022.txt = @@ -15,51 +15,51 @@ From 03-01 to 09-01:Chris Lamb From 10-01 to 16-01:Sylvain Beucler From 17-01 to 23-01:Thorsten Alteholz From 24-01 to 30-01:Utkarsh Gupta -From 31-01 to 06-02:Sylvain Beucler -From 07-02 to 13-02:Chris Lamb +From 31-01 to 06-02:Chris Lamb +From 07-02 to 13-02:Thorsten Alteholz From 14-02 to 20-02:Utkarsh Gupta -From 21-02 to 27-02:Thorsten Alteholz +From 21-02 to 27-02:Emilio Pozuelo Monfort From 28-02 to 06-03:Sylvain Beucler From 07-03 to 13-03:Chris Lamb -From 14-03 to 20-03:Utkarsh Gupta -From 21-03 to 27-03:Thorsten Alteholz -From 28-03 to 03-04:Sylvain Beucler -From 04-04 to 10-04:Chris Lamb -From 11-04 to 17-04:Utkarsh Gupta -From 18-04 to 24-04:Thorsten Alteholz -From 25-04 to 01-05:Utkarsh Gupta -From 02-05 to 08-05:Sylvain Beucler -From 09-05 to 15-05:Chris Lamb -From 16-05 to 22-05:Utkarsh Gupta -From 23-05 to 29-05:Thorsten Alteholz -From 30-05 to 05-06:Sylvain Beucler -From 06-06 to 12-06:Chris Lamb -From 13-06 to 19-06:Utkarsh Gupta -From 20-06 to 26-06:Thorsten Alteholz -From 27-06 to 03-07:Utkarsh Gupta -From 04-07 to 10-07:Sylvain Beucler -From 11-07 to 17-07:Chris Lamb -From 18-07 to 24-07:Thorsten Alteholz -From 25-07 to 31-07:Utkarsh Gupta -From 01-08 to 07-08:Sylvain Beucler -From 08-08 to 14-08:Utkarsh Gupta -From 15-08 to 21-08:Chris Lamb -From 22-08 to 28-08:Thorsten Alteholz -From 29-08 to 04-09:Sylvain Beucler -From 05-09 to 11-09:Chris Lamb -From 12-09 to 18-09:Utkarsh Gupta -From 19-09 to 25-09:Thorsten Alteholz -From 26-09 to 02-10:Utkarsh Gupta -From 03-10 to 09-10:Sylvain Beucler -From 10-10 to 16-10:Utkarsh Gupta -From 17-10 to 23-10:Chris Lamb -From 24-10 to 30-10:Thorsten Alteholz -From 31-10 to 06-11:Sylvain Beucler -From 07-11 to 13-11:Utkarsh Gupta -From 14-11 to 20-11:Anton Gladky -From 21-11 to 27-11:Thorsten Alteholz -From 28-11 to 04-12:Sylvain Beucler -From 05-12 to 11-12:Chris Lamb -From 12-12 to 18-12:Thorsten Alteholz -From 19-12 to 25-12:Utkarsh Gupta -From 26-12 to 01-01:Anton Gladky +From 14-03 to 20-03:Chris Lamb +From 21-03 to 27-03:Utkarsh Gupta +From 28-03 to 03-04:Anton Gladky +From 04-04 to 10-04:Thorsten Alteholz +From 11-04 to 17-04:Thorsten Alteholz +From 18-04 to 24-04:Thorsten Alteholz +From 25-04 to 01-05:Emilio Pozuelo Monfort +From 02-05 to 08-05:Chris Lamb +From 09-05 to 15-05:Ola Lundqvist +From 16-05 to 22-05:Sylvain Beucler +From 23-05 to 29-05:Anton Gladky +From 30-05 to 05-06:Ola Lundqvist +From 06-06 to 12-06:Ola Lundqvist +From 13-06 to 19-06:Thorsten Alteholz +From 20-06 to 26-06:Ola Lundqvist +From 27-06 to 03-07:Anton Gladky +From 04-07 to 10-07:Ola Lundqvist +From 11-07 to 17-07:Emilio Pozuelo Monfort +From 18-07 to 24-07:Emilio Pozuelo Monfort +From 25-07 to 31-07:Chris Lamb +From 01-08 to 07-08:Ola Lundqvist +From 08-08 to 14-08:Emilio Pozuelo Monfort +From 15-08 to 21-08:Sylvain Beucler +From 22-08 to 28-08:Emilio Pozuelo Monfort +From 29-08 to 04-09:Anton Gladky +From 05-09 to 11-09:Anton Gladky +From 12-09 to 18-09:Sylvain Beucler +From 19-09 to 25-09:Anton Gladky +From 26-09 to 02-10:Sylvain Beucler +From 03-10 to 09-10:Utkarsh Gupta +From 10-10 to 16-10:Ola Lundqvist +From 17-10 to 23-10:Anton Gladky +From 24-10 to 30-10:Ola Lundqvist +From 31-10 to 06-11:Chris Lamb +From 07-11 to 13-11:Chris Lamb +From 14-11 to 20-11:Emilio Pozuelo Monfort +From 21-11 to 27-11:Utkarsh Gupta +From 28-11 to 04-12:Utkarsh Gupta +From 05-12 to 11-12:Anton Gladky +From 12-12 to 18-12:Thorsten Alteholz +From 19-12 to 25-12:Thorsten Alteholz +From 26-12 to 01-01:Anton Gladky View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/6ba8808a5b008d774811d1dccf26c3850481c750...e54e854a39b6383e1e80b1532ec6952b34a96356 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/6ba8808a5b008d774811d1dccf26c3850481c750...e54e854a39b6383e1e80b1532ec6952b34a96356 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] semi-automatic unclaim after 2 weeks of inactivity
Jeremiah C. Foster pushed to branch master at Debian Security Tracker / security-tracker Commits: 1a76800c by Jeremiah C. Foster at 2021-12-28T01:05:24-05:00 semi-automatic unclaim after 2 weeks of inactivity Signed-off-by: Jeremiah C. Foster jerem...@jeremiahfoster.com - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = @@ -39,12 +39,12 @@ firefox-esr (Emilio) NOTE: 20211206: progressing on the toolchain front (pochu) NOTE: 20211220: backport in progress, making it build with python3.5 (pochu) -- -firmware-nonfree (Markus Koschany) +firmware-nonfree NOTE: 20210731: WIP: https://salsa.debian.org/lts-team/packages/firmware-nonfree NOTE: 20210828: Most CVEs are difficult to backport. Contacted Ben regarding possible "ignore" tag NOTE: 20211207: Intend to release this week. -- -gpac (Roberto C. Sánchez) +gpac NOTE: 20211101: coordinating with secteam for s-p-u since stretch/buster versions match (roberto) NOTE: 20211120: received OK from secteam for buster update, working on stretch/buster in parallel (roberto) -- @@ -71,7 +71,7 @@ linux-4.19 (Ben Hutchings) -- lxml (Utkarsh) -- -nvidia-graphics-drivers (Markus Koschany) +nvidia-graphics-drivers NOTE: package is in non-free but also in packages-to-support NOTE: only CVE‑2021‑1076 seems to be fixed in the R390 branch used in Stretch, no fix available for CVE-2021-1077 NOTE: 20211108: nvidia-graphics-drivers-legacy-390xx 390.144-1 in buster/bullseye/bookworm View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1a76800c1650b0908f45b1391ce72a4480f3ae9d -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1a76800c1650b0908f45b1391ce72a4480f3ae9d You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] semi-automatic unclaim after 2 weeks of inactivity
Jeremiah C. Foster pushed to branch master at Debian Security Tracker / security-tracker Commits: 6c462e05 by Jeremiah C. Foster at 2021-12-13T14:57:46-05:00 semi-automatic unclaim after 2 weeks of inactivity Signed-off-by: Jeremiah C. Foster jerem...@jeremiahfoster.com - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = @@ -13,7 +13,7 @@ To make it easier to see the entire history of an update, please append notes rather than remove/replace existing ones. -- -ansible (Lee Garrett) +ansible NOTE: 20210411: As discussed with the maintainer I will update Buster first and NOTE: 20210411: after that LTS. (apo) NOTE: 20210426: https://people.debian.org/~apo/lts/ansible/ @@ -40,7 +40,7 @@ gpac (Roberto C. Sánchez) NOTE: 20211101: coordinating with secteam for s-p-u since stretch/buster versions match (roberto) NOTE: 20211120: received OK from secteam for buster update, working on stretch/buster in parallel (roberto) -- -libgit2 (Utkarsh) +libgit2 NOTE: 20211029: CVE-2018-10887/CVE-2018-10888/CVE-2018-15501 were fixed NOTE: 20211029: for jessie in DLA-1477-1 and should also be fixed in stretch NOTE: 20211029: 4 other CVEs might also be worth fixing (bunk) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6c462e0557113e69389e008e92a5c64299363a57 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6c462e0557113e69389e008e92a5c64299363a57 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] semi-automatic unclaim after 2 weeks of inactivity
Jeremiah C. Foster pushed to branch master at Debian Security Tracker / security-tracker Commits: b1d8bc91 by Jeremiah C. Foster at 2021-12-06T18:33:23-05:00 semi-automatic unclaim after 2 weeks of inactivity Signed-off-by: Jeremiah C. Foster jerem...@jeremiahfoster.com - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = @@ -31,11 +31,11 @@ firefox-esr (Emilio) NOTE: 20211122: blocked on toolchain backports (pochu) NOTE: 20211206: progressing on the toolchain front (pochu) -- -firmware-nonfree (Markus Koschany) +firmware-nonfree NOTE: 20210731: WIP: https://salsa.debian.org/lts-team/packages/firmware-nonfree NOTE: 20210828: Most CVEs are difficult to backport. Contacted Ben regarding possible "ignore" tag -- -gpac (Roberto C. Sánchez) +gpac NOTE: 20211101: coordinating with secteam for s-p-u since stretch/buster versions match (roberto) NOTE: 20211120: received OK from secteam for buster update, working on stretch/buster in parallel (roberto) -- @@ -49,7 +49,7 @@ libgit2 (Utkarsh) NOTE: 20211129: readied up everything, using pygit and other wrappers NOTE: 20211129: around which the code changed. will upload in the next 2 days. (utkarsh) -- -libssh2 (Ola Lundqvist) +libssh2 NOTE: 20211031: CVE-2019-13115 and CVE-2019-17498 were fixed in jessie DLAs NOTE: 20211031: but still need fixing in stretch and buster. (bunk) NOTE: 2026: Work in progress for stretch. (ola) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b1d8bc917fa078f741af6983f92e53b51348f394 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b1d8bc917fa078f741af6983f92e53b51348f394 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker] Pushed new branch jeremiah-glossary-patch-more
Jeremiah C. Foster pushed new branch jeremiah-glossary-patch-more at Debian Security Tracker / security-tracker -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/tree/jeremiah-glossary-patch-more You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] semi-automatic unclaim after 2 weeks of inactivity
Jeremiah C. Foster pushed to branch master at Debian Security Tracker / security-tracker Commits: fc090df8 by Jeremiah C. Foster at 2021-11-29T19:46:58-05:00 semi-automatic unclaim after 2 weeks of inactivity Signed-off-by: Jeremiah C. Foster jerem...@jeremiahfoster.com - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = @@ -86,7 +86,7 @@ roundcube (Markus Koschany) -- rsync (Adrian Bunk) -- -rustc (Roberto C. Sánchez) +rustc NOTE: rust-doc in stretch-lts (and jessie-lts) is not installable NOTE: https://bugs.debian.org/928422 NOTE: Perhaps fix with the next rustc update for a new Firefox? (bunk) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/fc090df852a7756b473c0074d73f4aabf4ab0861 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/fc090df852a7756b473c0074d73f4aabf4ab0861 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker] Deleted branch jeremiah-glossary-dsa-patch
Jeremiah C. Foster deleted branch jeremiah-glossary-dsa-patch at Debian Security Tracker / security-tracker -- You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker] Pushed new branch jeremiah-glossary-dsa-patch
Jeremiah C. Foster pushed new branch jeremiah-glossary-dsa-patch at Debian Security Tracker / security-tracker -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/tree/jeremiah-glossary-dsa-patch You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] semi-automatic unclaim after 2 weeks of inactivity
Jeremiah C. Foster pushed to branch master at Debian Security Tracker / security-tracker Commits: 030523ed by Jeremiah C. Foster at 2021-11-15T14:36:59-05:00 semi-automatic unclaim after 2 weeks of inactivity Signed-off-by: Jeremiah C. Foster jerem...@jeremiahfoster.com - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = @@ -36,7 +36,7 @@ debian-archive-keyring exiv2 (Thorsten Alteholz) NOTE: 20211109: testing package -- -firefox-esr (Emilio) +firefox-esr -- firmware-nonfree NOTE: 20210731: WIP: https://salsa.debian.org/lts-team/packages/firmware-nonfree @@ -49,19 +49,19 @@ gerbv (Anton) -- gmp (Anton) -- -gpac (Roberto C. Sánchez) +gpac NOTE: 20211101: coordinating with secteam for s-p-u since stretch/buster versions match (roberto) -- kodi (Adrian Bunk) -- -libgit2 (Utkarsh) +libgit2 NOTE: 20211029: CVE-2018-10887/CVE-2018-10888/CVE-2018-15501 were fixed NOTE: 20211029: for jessie in DLA-1477-1 and should also be fixed in stretch NOTE: 20211029: 4 other CVEs might also be worth fixing (bunk) NOTE: 20211029: taking this with my maintainer hat on; will investigate NOTE: 20211029: and TAL later next week. (utkarsh) -- -libssh2 (Ola Lundqvist) +libssh2 NOTE: 20211031: CVE-2019-13115 and CVE-2019-17498 were fixed in jessie DLAs NOTE: 20211031: but still need fixing in stretch and buster. (bunk) -- @@ -93,5 +93,5 @@ salt (Markus Koschany) -- samba (Anton) -- -thunderbird (Emilio) +thunderbird -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/030523eddfe0cf3a89aef7e0b9d402483284472e -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/030523eddfe0cf3a89aef7e0b9d402483284472e You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] semi-automatic unclaim after 2 weeks of inactivity
Jeremiah C. Foster pushed to branch master at Debian Security Tracker / security-tracker Commits: 1101fe9a by Jeremiah C. Foster at 2021-11-08T13:35:44-05:00 semi-automatic unclaim after 2 weeks of inactivity Signed-off-by: Jeremiah C. Foster jerem...@jeremiahfoster.com - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = @@ -32,7 +32,7 @@ debian-archive-keyring NOTE: 20211018: Jonathan is prepping the branch; will work NOTE: 20211018: with him and upload and publish the DLA. (utkarsh) -- -exiv2 (Thorsten Alteholz) +exiv2 NOTE: 20211024: WIP, not yet finished -- ffmpeg (Anton Gladky) @@ -94,7 +94,7 @@ rustc (Roberto C. Sánchez) NOTE: Perhaps fix with the next rustc update for a new Firefox? (bunk) NOTE: 20211101: working on llvm-toolchain-11 update, which is needed by rustc (roberto) -- -salt (Markus Koschany) +salt NOTE: 20210329: WIP (utkarsh) NOTE: 20210510: patches ready; reviewing and testing with donfede, damien, and bdrung. (utkarsh) NOTE: 20210510: will try to release ASAP; also preparing update for buster (DSA). (utkarsh) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1101fe9a69e2317a6a797583c16ab43f0ea8b159 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1101fe9a69e2317a6a797583c16ab43f0ea8b159 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] Semi-automatic unclaim after two weeks of inactivity.
Jeremiah C. Foster pushed to branch master at Debian Security Tracker / security-tracker Commits: 37d42c9b by Jeremiah C. Foster at 2021-11-01T16:25:54-04:00 Semi-automatic unclaim after two weeks of inactivity. Signed-off-by: Jeremiah C. Foster jerem...@jeremiahfoster.com - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = @@ -79,7 +79,7 @@ nvidia-graphics-drivers openjdk-8 (Roberto C. Sánchez) NOTE: 20211101: coordinating with maribilos, waiting on upstream to finalize tags (roberto) -- -openssh (Utkarsh) +openssh NOTE: 20211003: a backporting error for CVE-2018-15473 was reported in NOTE: 20211003: Ubuntu (and can see the same code differences here); NOTE: 20211003: check if that needs to be fixed; talking to -security. View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/37d42c9b1b094406251ac9274fe1b3eb217e1013 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/37d42c9b1b094406251ac9274fe1b3eb217e1013 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] Revert "semi-automatic unclaim after 2 weeks of inactivity"
Jeremiah C. Foster pushed to branch master at Debian Security Tracker / security-tracker Commits: 92c9f24d by Jeremiah C. Foster at 2021-10-25T15:06:28-04:00 Revert semi-automatic unclaim after 2 weeks of inactivity This was an old commit that is now irrlevant. This reverts commit 827654f8d1b960cad8ef31edafe83bbdaeb00ce1. - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = @@ -12,11 +12,6 @@ https://wiki.debian.org/LTS/Development#Triage_new_security_issues To make it easier to see the entire history of an update, please append notes rather than remove/replace existing ones. --- -amd64-microcode - NOTE: 20210831: no binary package was built, possibly due to non-free-specific rules - NOTE: 20210831: https://lists.debian.org/debian-lts/2021/08/msg00033.html - NOTE: 20210912: https://lists.debian.org/debian-lts/2021/09/msg00018.html (utkarsh) -- ansible NOTE: 20210411: As discussed with the maintainer I will update Buster first and @@ -50,8 +45,6 @@ firmware-nonfree -- gpac (Roberto C. Sánchez) -- -libreoffice (Sylvain Beucler) --- linux (Ben Hutchings) -- linux-4.19 (Ben Hutchings) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/92c9f24d3d39c0bbd343977109fe85f53d541247 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/92c9f24d3d39c0bbd343977109fe85f53d541247 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] 2 commits: semi-automatic unclaim after 2 weeks of inactivity
Jeremiah C. Foster pushed to branch master at Debian Security Tracker / security-tracker Commits: 827654f8 by Jeremiah C. Foster at 2021-10-25T14:50:38-04:00 semi-automatic unclaim after 2 weeks of inactivity Signed-off-by: Jeremiah C. Foster jerem...@jeremiahfoster.com - - - - - f8e29b6a by Jeremiah C. Foster at 2021-10-25T14:50:39-04:00 semi-automatic unclaim after 2 weeks of inactivity Signed-off-by: Jeremiah C. Foster jerem...@jeremiahfoster.com - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = @@ -12,6 +12,11 @@ https://wiki.debian.org/LTS/Development#Triage_new_security_issues To make it easier to see the entire history of an update, please append notes rather than remove/replace existing ones. +-- +amd64-microcode + NOTE: 20210831: no binary package was built, possibly due to non-free-specific rules + NOTE: 20210831: https://lists.debian.org/debian-lts/2021/08/msg00033.html + NOTE: 20210912: https://lists.debian.org/debian-lts/2021/09/msg00018.html (utkarsh) -- ansible NOTE: 20210411: As discussed with the maintainer I will update Buster first and @@ -37,7 +42,7 @@ ffmpeg (Anton Gladky) NOTE: 20211010: WIP https://salsa.debian.org/lts-team/packages/ffmpeg NOTE: ffmpeg 3.2.16 has been released -- -firefox-esr (Emilio) +firefox-esr -- firmware-nonfree NOTE: 20210731: WIP: https://salsa.debian.org/lts-team/packages/firmware-nonfree @@ -45,6 +50,8 @@ firmware-nonfree -- gpac (Roberto C. Sánchez) -- +libreoffice (Sylvain Beucler) +-- linux (Ben Hutchings) -- linux-4.19 (Ben Hutchings) @@ -70,12 +77,12 @@ openssh (Utkarsh) NOTE: 20211018: the regression doesn't happen for stretch; looking at NOTE: 20211018: the other bit. (utkarsh) -- -python3.5 (Utkarsh) +python3.5 NOTE: 20211003: whilst looks like a no-dsa/postponed candidate on a NOTE: 20211003: quick look, Canonical issued an update via the ESM NOTE: 20211003: pocket. Needs another look. (utkarsh) -- -redis (Chris Lamb) +redis NOTE: 20211004: Fixed in sid and experimental. (lamby) NOTE: 20211006: buster-pu filed in #995825. (lamby) -- @@ -91,5 +98,5 @@ salt (Markus Koschany) NOTE: 20210607: new CVE patch proposed by damien; donfede to provide a debdiff. (utkarsh) NOTE: 20210816: will test the provided debdiff; needs testing as regression spotted. (utkarsh) -- -thunderbird (Emilio) +thunderbird -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/cb8fc1694a9fa413783b1bfdf9dd33375be09bdd...f8e29b6acbadc30246076fa40005ab89d13f1bdf -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/cb8fc1694a9fa413783b1bfdf9dd33375be09bdd...f8e29b6acbadc30246076fa40005ab89d13f1bdf You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits