[Git][security-tracker-team/security-tracker][master] lts: update notes
Emilio Pozuelo Monfort pushed to branch master at Debian Security Tracker / security-tracker Commits: da80a366 by Emilio Pozuelo Monfort at 2023-06-12T12:33:01+02:00 lts: update notes - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = @@ -115,7 +115,8 @@ openimageio (gladk) -- openjdk-11 (Emilio) NOTE: 20230419: Added by Front-Desk (ola) - NOTE: 20230522: waiting for sid/bullseye update (pochu) + NOTE: 20230522: waiting for sid update (pochu) + NOTE: 20230612: sid updated, preparing backport (pochu) -- owslib (Adrian Bunk) NOTE: 20230514: Added by Front-Desk (utkarsh) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/da80a3663c6c65081d5752faf54235c1b511c7ad -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/da80a3663c6c65081d5752faf54235c1b511c7ad You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] lts: update notes
Emilio Pozuelo Monfort pushed to branch master at Debian Security Tracker / security-tracker Commits: 7cf17d7f by Emilio Pozuelo Monfort at 2023-05-08T10:47:01+02:00 lts: update notes - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = @@ -149,6 +149,7 @@ openimageio (gladk) openjdk-11 (Emilio) NOTE: 20230419: Programming language: Java. NOTE: 20230419: VCS: https://salsa.debian.org/lts-team/packages/openjdk-11.git + NOTE: 20230508: waiting for sid/bullseye update (pochu) -- php-cas NOTE: 20221105: Programming language: PHP. View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7cf17d7f31fc6483b10415f0c5f645bfadce483f -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7cf17d7f31fc6483b10415f0c5f645bfadce483f You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] LTS: update notes on docker
Anton Gladky pushed to branch master at Debian Security Tracker / security-tracker Commits: aa52fed0 by Anton Gladky at 2023-04-24T06:51:20+02:00 LTS: update notes on docker - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = @@ -44,7 +44,7 @@ docker.io (gladk) NOTE: 20230303: Programming language: Go. NOTE: 20230303: Follow fixes from bullseye 11.2 (Beuc/front-desk) NOTE: 20230320: VCS: https://salsa.debian.org/lts-team/packages/docker.io.git - NOTE: 20230410: WIP + NOTE: 20230424: Is in preparation. -- emacs NOTE: 20230223: Programming language: Lisp. View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/aa52fed0da18d50ad4178c3c127106b70c4f379f -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/aa52fed0da18d50ad4178c3c127106b70c4f379f You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] LTS: update notes on apache2
Roberto C. Sánchez pushed to branch master at Debian Security Tracker / security-tracker Commits: b38106f7 by Roberto C. Sánchez at 2022-08-09T17:02:58-04:00 LTS: update notes on apache2 - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = @@ -20,6 +20,7 @@ NOTE: IMPORTANT: https://bugs.debian.org/cgi-bin/pkgreport.cgi?users=release.deb apache2 (Roberto C. Sánchez) NOTE: 20220723: Prepared update 2.4.38-3+deb10u8 and filed #1014346 requesting SRM approval for upload to final buster point release (roberto) NOTE: 20220723: Received upload approval from SRM and uploaded to buster (roberto) + NOTE: 20220809: Package is in oldstable-proposed-updates and will be in final buster point release (roberto) -- curl (Markus Koschany) -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b38106f75730d2f03c2d27857ff5c3b06e5e4880 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b38106f75730d2f03c2d27857ff5c3b06e5e4880 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] LTS: update notes on postgresql-9.6
Roberto C. Sánchez pushed to branch master at Debian Security Tracker / security-tracker Commits: 72905579 by Roberto C. Sánchez at 2022-06-08T21:09:33-04:00 LTS: update notes on postgresql-9.6 - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = @@ -227,6 +227,8 @@ postgresql-9.6 (Roberto C. Sánchez) NOTE: 20220523: 9.6 is EOL'd upstream (Beuc/front-desk) NOTE: 20220523: Christoph Berg won't handle this update (Beuc/front-desk) NOTE: 20220523: https://lists.debian.org/debian-lts/2022/05/msg00054.html + NOTE: 20220608: Prepared backport of upstream patches and requested upstream review (roberto) + NOTE: 20220608: Upstream recommended waiting until a reported regression has been resolved (roberto) -- puppet-module-puppetlabs-firewall NOTE: 20220529: Programming language: Ruby. View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/72905579bea208f14cd8a4fe6866b3150f02ebf1 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/72905579bea208f14cd8a4fe6866b3150f02ebf1 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] LTS: update notes for halibut package
Anton Gladky pushed to branch master at Debian Security Tracker / security-tracker Commits: db5552e7 by Anton Gladky at 2022-06-07T21:04:30+02:00 LTS: update notes for halibut package - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = @@ -89,6 +89,8 @@ halibut (Anton) NOTE: 20220605: https://salsa.debian.org/lts-team/packages/halibut/ (Anton) NOTE: 20220605: patch is over 2600 lines long. Consider updating to the 1.3 version (Anton) NOTE: 20220605: Maintainer is contacted regarding this issue (Anton) + NOTE: 20220607: Maintainer is OK with the backport. But reverse dependencies should be checked whether the new version + NOTE: 20220607: is producing the same output. (Anton) -- horizon NOTE: 20220529: Programming language: Python. View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/db5552e7bac0724f97f0b7224e09baf4f807dc8d -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/db5552e7bac0724f97f0b7224e09baf4f807dc8d You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] lts: update notes
Emilio Pozuelo Monfort pushed to branch master at Debian Security Tracker / security-tracker Commits: c3ccadfb by Emilio Pozuelo Monfort at 2022-05-30T17:27:21+02:00 lts: update notes - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = @@ -44,9 +44,12 @@ ckeditor (Sylvain Beucler) -- clamav (Emilio) NOTE: 20220510: Programming language: C. (apo) + NOTE: 20220530: update ready but was waiting for update in (old)stable-updates, + NOTE: 20220530: will release it soon. (pochu) -- curl (Emilio) NOTE: 20220529: Programming language: C. + NOTE: 20220530: update prepared, but there are test regressions, investigating (pochu) -- cyrus-imapd NOTE: 20220529: Programming language: C. View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c3ccadfb594a1aaac3d2d371be7eb8287f7a7bb6 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c3ccadfb594a1aaac3d2d371be7eb8287f7a7bb6 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] lts: update notes
Emilio Pozuelo Monfort pushed to branch master at Debian Security Tracker / security-tracker Commits: 3e1f6ae2 by Emilio Pozuelo Monfort at 2022-05-09T13:56:01+02:00 lts: update notes - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = @@ -121,6 +121,8 @@ nvidia-graphics-drivers NOTE: 20220209: backport (apo) -- openjdk-8 (pochu) + NOTE: 20220509: pinged upstream about shenandoah status. considering updating + NOTE: 20220509: to 8u332 without shenandoah (pochu) -- pdns NOTE: 20220402: harmonize with buster/10.8 (Beuc) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3e1f6ae22e79b252f4b26726d45cd1a6f11dc6a8 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3e1f6ae22e79b252f4b26726d45cd1a6f11dc6a8 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] LTS: update notes about sox package
Anton Gladky pushed to branch master at Debian Security Tracker / security-tracker Commits: 1d7ee716 by Anton Gladky at 2022-03-26T08:01:36+01:00 LTS: update notes about sox package - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = @@ -111,7 +111,9 @@ snapd NOTE: 20220308: seems vulnerable at least to setup_private_mount, NOTE: 20220308: but double check (pochu) -- -sox (Anton) +sox + NOTE: 20220326: CVE-2019-13590 is fixed in git (Anton) + NOTE: 20220326: fix for CVE-2021-40426 is not yet available (Anton) -- tiff (Utkarsh) -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1d7ee716349952fd0864c790ff68f55f2ce75ac1 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1d7ee716349952fd0864c790ff68f55f2ce75ac1 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] LTS: Update notes on gerbv
Anton Gladky pushed to branch master at Debian Security Tracker / security-tracker Commits: 207d37a4 by Anton Gladky at 2022-03-26T07:25:32+01:00 LTS: Update notes on gerbv - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = @@ -33,8 +33,11 @@ firmware-nonfree NOTE: 20210828: Most CVEs are difficult to backport. Contacted Ben regarding possible "ignore" tag NOTE: 20211207: Intend to release this week. -- -gerbv (Anton) - NOTE: WIP https://salsa.debian.org/lts-team/packages/gerbv (Anton) +gerbv + NOTE: 20220321: WIP https://salsa.debian.org/lts-team/packages/gerbv (Anton) + NOTE: 20220326: CVE-2021-40401 is fixed https://salsa.debian.org/lts-team/packages/gerbv/-/blob/debian/stretch/debian/patches/CVE-2021-40401.patch (Anton) + NOTE: 20220326: CVE-2021-4040{0,2,3} do not have confirmed upstream fixes yet. (Anton) + -- golang-go.crypto -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/207d37a40b36fd1a882d22ec05daa887d0637598 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/207d37a40b36fd1a882d22ec05daa887d0637598 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] lts: update notes
Emilio Pozuelo Monfort pushed to branch master at Debian Security Tracker / security-tracker Commits: 22e9aced by Emilio Pozuelo Monfort at 2022-03-18T13:59:49+01:00 lts: update notes - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = @@ -19,6 +19,8 @@ ansible NOTE: 20210426: https://people.debian.org/~apo/lts/ansible/ -- apache2 (Emilio) + NOTE: 20220318: packages prepared and tested, will release on Monday. extra testing welcome (pochu) + NOTE: 20220318: https://people.debian.org/~pochu/lts/apache2/apache2_2.4.25-3+deb9u13.dsc (pochu) -- asterisk (Abhijith PA) NOTE: 20220314: Looking on back log no-dsa (abhijith) @@ -88,6 +90,7 @@ snapd NOTE: 20220308: but double check (pochu) -- thunderbird (Emilio) + NOTE: 20220318: update prepared, but waiting for DSA (pochu) -- tzdata (Emilio) -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/22e9aced67ed0f069671799bdf6ee8cf2cd990d5 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/22e9aced67ed0f069671799bdf6ee8cf2cd990d5 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] lts: update notes
Emilio Pozuelo Monfort pushed to branch master at Debian Security Tracker / security-tracker Commits: 1aee51b0 by Emilio Pozuelo Monfort at 2022-03-07T08:27:28+01:00 lts: update notes - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = @@ -31,6 +31,8 @@ debian-archive-keyring (Anton) -- expat (Emilio) NOTE: 20220221: please wait for DSA first. (Anton) + NOTE: 20220307: updates prepared and tested, but evaluating alternative upstream + NOTE: 20220307: change (wip) due to regressions in original fix (pochu) -- firefox-esr (Emilio) -- @@ -41,6 +43,7 @@ firmware-nonfree (Markus Koschany) -- freecad (Emilio) NOTE: 20220221: please wait for DSA first. (Anton) + NOTE: 20220307: update prepared and tested, will release soon (pochu) -- gif2apng (Anton) NOTE: 20220114: orphaned package with inactive upstream, maybe coordinate with Debian QA to write our own patches (Beuc) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1aee51b0736267ae99edcbeedd15f5ec19a1d0e6 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1aee51b0736267ae99edcbeedd15f5ec19a1d0e6 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] lts: update notes
Emilio Pozuelo Monfort pushed to branch master at Debian Security Tracker / security-tracker Commits: a24ec832 by Emilio Pozuelo Monfort at 2022-02-07T15:27:29+01:00 lts: update notes - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = @@ -67,6 +67,7 @@ nvidia-graphics-drivers NOTE: 20220203: package is in non-free but also in packages-to-support (Beuc) -- openjdk-8 (Emilio) + NOTE: 20220207: update ready, waiting for feedback, will upload tomorrow (pochu) -- pgbouncer NOTE: 20220104: maintainer might want to upload fixed version View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a24ec8321398309616f752f1ac4bedb912e52c45 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a24ec8321398309616f752f1ac4bedb912e52c45 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] lts: update notes
Emilio Pozuelo Monfort pushed to branch master at Debian Security Tracker / security-tracker Commits: 32b98d5d by Emilio Pozuelo Monfort at 2022-01-03T12:38:59+01:00 lts: update notes - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = @@ -102,6 +102,7 @@ thunderbird (Emilio) NOTE: 20211122: blocked on toolchain backports (pochu) NOTE: 20211206: progressing on the toolchain front (pochu) NOTE: 20211220: backport in progress, making it build with python3.5 (pochu) + NOTE: 20210103: DSA released, DLA will follow today (pochu) -- vim (Anton) NOTE: 20211203: adding here as it's in the ela-needed as well View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/32b98d5dac11206866e242a5645f264e4211ffc7 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/32b98d5dac11206866e242a5645f264e4211ffc7 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] lts: update notes
Emilio Pozuelo Monfort pushed to branch master at Debian Security Tracker / security-tracker Commits: 17267169 by Emilio Pozuelo Monfort at 2021-12-20T10:16:42+01:00 lts: update notes - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = @@ -35,6 +35,7 @@ debian-archive-keyring firefox-esr (Emilio) NOTE: 20211122: blocked on toolchain backports (pochu) NOTE: 20211206: progressing on the toolchain front (pochu) + NOTE: 20211220: backport in progress, making it build with python3.5 (pochu) -- firmware-nonfree (Markus Koschany) NOTE: 20210731: WIP: https://salsa.debian.org/lts-team/packages/firmware-nonfree @@ -93,6 +94,7 @@ spip thunderbird (Emilio) NOTE: 20211122: blocked on toolchain backports (pochu) NOTE: 20211206: progressing on the toolchain front (pochu) + NOTE: 20211220: backport in progress, making it build with python3.5 (pochu) -- vim (Anton) NOTE: 20211203: adding here as it's in the ela-needed as well View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/172671699d725012911300f21b10a070d4859c29 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/172671699d725012911300f21b10a070d4859c29 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] lts: update notes
Emilio Pozuelo Monfort pushed to branch master at Debian Security Tracker / security-tracker Commits: 51c22efc by Emilio Pozuelo Monfort at 2021-11-22T09:23:57+01:00 lts: update notes - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = @@ -28,7 +28,7 @@ debian-archive-keyring NOTE: 20211018: with him and upload and publish the DLA. (utkarsh) -- firefox-esr (Emilio) - NOTE: 2026: blocked on toolchain backports (pochu) + NOTE: 20211122: blocked on toolchain backports (pochu) -- firmware-nonfree (Markus Koschany) NOTE: 20210731: WIP: https://salsa.debian.org/lts-team/packages/firmware-nonfree @@ -68,6 +68,7 @@ linux (Ben Hutchings) linux-4.19 (Ben Hutchings) -- mbedtls (Emilio) + NOTE: 20211122: CVEs backported, but one of them introduces a test regression, investigating (Emilio) -- nvidia-graphics-drivers NOTE: package is in non-free but also in packages-to-support @@ -87,7 +88,7 @@ rustc (Roberto C. Sánchez) samba (Anton) -- thunderbird (Emilio) - NOTE: 2026: blocked on toolchain backports (pochu) + NOTE: 20211122: blocked on toolchain backports (pochu) -- wireshark (Adrian Bunk) NOTE: 2029: Check https://salsa.debian.org/security-tracker-team/security-tracker/commit/d55b7eff90db8487e20106c2c09e61293a477e89 (lamby) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/51c22efceeebc3c501182095a9576c462be78691 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/51c22efceeebc3c501182095a9576c462be78691 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] LTS: update notes for rustc
Roberto C. Sánchez pushed to branch master at Debian Security Tracker / security-tracker Commits: 3f745469 by Roberto C. Sánchez at 2021-11-12T15:07:52-05:00 LTS: update notes for rustc - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = @@ -88,6 +88,7 @@ rustc (Roberto C. Sánchez) NOTE: https://bugs.debian.org/928422 NOTE: Perhaps fix with the next rustc update for a new Firefox? (bunk) NOTE: 20211101: working on llvm-toolchain-11 update, which is needed by rustc (roberto) + NOTE: 2022: llvm-toolchain-11 update is now uploaded (roberto) -- salt (Markus Koschany) -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3f745469ed127493045b9acf8cc74570586bea9c -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3f745469ed127493045b9acf8cc74570586bea9c You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] LTS: update notes on my claimed packages
Roberto C. Sánchez pushed to branch master at Debian Security Tracker / security-tracker Commits: 61159905 by Roberto C. Sánchez at 2021-11-01T07:37:14-04:00 LTS: update notes on my claimed packages - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = @@ -50,6 +50,7 @@ glusterfs (Markus Koschany) NOTE: 20211029: should also be fixed in stretch (bunk) -- gpac (Roberto C. Sánchez) + NOTE: 20211101: coordinating with secteam for s-p-u since stretch/buster versions match (roberto) -- libgit2 (Utkarsh) NOTE: 20211029: CVE-2018-10887/CVE-2018-10888/CVE-2018-15501 were fixed @@ -73,6 +74,7 @@ nvidia-graphics-drivers NOTE: only CVE‑2021‑1076 seems to be fixed in the R390 branch used in Stretch, no fix available for CVE-2021-1077 -- openjdk-8 (Roberto C. Sánchez) + NOTE: 20211101: coordinating with maribilos, waiting on upstream to finalize tags (roberto) -- openssh (Utkarsh) NOTE: 20211003: a backporting error for CVE-2018-15473 was reported in @@ -97,6 +99,7 @@ rustc (Roberto C. Sánchez) NOTE: rust-doc in stretch-lts (and jessie-lts) is not installable NOTE: https://bugs.debian.org/928422 NOTE: Perhaps fix with the next rustc update for a new Firefox? (bunk) + NOTE: 20211101: working on llvm-toolchain-11 update, which is needed by rustc (roberto) -- salt (Markus Koschany) NOTE: 20210329: WIP (utkarsh) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/61159905e90fa35101f81e39accb48a28ef6bc7b -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/61159905e90fa35101f81e39accb48a28ef6bc7b You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] LTS: update notes for xmlbeans
Roberto C. Sánchez pushed to branch master at Debian Security Tracker / security-tracker Commits: 0ceb844e by Roberto C. Sánchez at 2021-02-21T22:42:03-05:00 LTS: update notes for xmlbeans - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = @@ -124,6 +124,9 @@ subversion (Thorsten Alteholz) NOTE: 20210221: solving build problems -- xmlbeans (Roberto C. Sánchez) + NOTE: 20210222: Affected code changed significantly from 2.6.0 to 3.0.0 (the + NOTE: 20210222: upstream release with the fix). Trying to determine how to + NOTE: 20210222: implement the changes without introducing too much new code. (roberto) -- zeromq3 (Anton Gladky) -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0ceb844e7e90a0121d1c570e6ab2d08379c0cdee -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0ceb844e7e90a0121d1c570e6ab2d08379c0cdee You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] lts: update notes
Emilio Pozuelo Monfort pushed to branch master at Debian Security Tracker / security-tracker Commits: 0ca06ac1 by Emilio Pozuelo Monfort at 2020-12-07T09:24:45+01:00 lts: update notes - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = @@ -47,7 +47,8 @@ f2fs-tools NOTE: 20200815: About CVE-2020-6070. The fix got introduced between 1.12.0 and 1.13.0, but it is not trivial to NOTE: 20200815: to detect which of the patches correlates to the CVE. Contacting upstream might be necessary. (sunweaver) -- -firmware-nonfree (Emilio) +firmware-nonfree + NOTE: 20201207: wait for the update in buster and backport that (Emilio) -- golang-golang-x-net-dev (Brian May) -- @@ -184,7 +185,7 @@ xcftools NOTE: 20200605: Patch https://salsa.debian.org/lts-team/packages/xcftools/-/blob/fix/test-CVE-2019-5087/debian/patches/CVE-2019-5087.patch (gladk) -- xdg-utils (Emilio) - NOTE: 20201122: wait for a while to get the fix exposed in other suites. (utkarsh) + NOTE: 20201207: pinged upstream about the proposed patch (Emilio) -- xorg-server (Emilio) -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0ca06ac161363d4c97de6b62429403d5475d1052 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0ca06ac161363d4c97de6b62429403d5475d1052 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] LTS: update notes (gnutls28, shiro)
Roberto C. Sánchez pushed to branch master at Debian Security Tracker / security-tracker Commits: 9967aac8 by Roberto C. Sánchez at 2020-09-20T16:37:50-04:00 LTS: update notes (gnutls28, shiro) - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = @@ -74,6 +74,7 @@ fossil freerdp -- gnutls28 (Roberto C. Sánchez) + NOTE: 20200920: WIP -- golang-1.7 -- @@ -184,6 +185,7 @@ samba (Mike Gabriel) NOTE: 20200903: As discussed internally, I will look into Samba AD CVEs and revisit the risk assessment, plus fix the more severe issues (sunweaver) -- shiro (Roberto C. Sánchez) + NOTE: 20200920: WIP -- slirp NOTE: Upstream patch for CVE-2020-8608 requires patches for View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9967aac85ba054b406820657e1d6a60f2af4e085 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9967aac85ba054b406820657e1d6a60f2af4e085 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] lts: update notes on firefox 78 ESR work
Emilio Pozuelo Monfort pushed to branch master at Debian Security Tracker / security-tracker Commits: 843e5de4 by Emilio Pozuelo Monfort at 2020-09-13T22:41:48+02:00 lts: update notes on firefox 78 ESR work - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = @@ -63,7 +63,7 @@ f2fs-tools -- firefox-esr (Emilio) NOTE: 20200720: working on ESR 78 backport. (pochu) - NOTE: 20200831: backported llvm 10 and wasi-libc, looking into rustc/cargo (pochu) + NOTE: 20200913: backported rustc, cargo and rust-cbindgen, uploads will follow after the buster ones (pochu) -- fossil NOTE: 20200903: looked into CVE-2020-24614: the fix for this CVE partially applies, but does not apply around a View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/843e5de4bef85746101c1118381d48014fa61656 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/843e5de4bef85746101c1118381d48014fa61656 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] LTS: update notes on bluez
Roberto C. Sánchez pushed to branch master at Debian Security Tracker / security-tracker Commits: 53ddcf3b by Roberto C. Sánchez at 2020-05-21T17:45:53-04:00 LTS: update notes on bluez - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = @@ -29,14 +29,7 @@ apache2 (Utkarsh Gupta) bind9 (Thorsten Alteholz) -- bluez (Roberto C. Sánchez) - NOTE: 20200420: Many upstream refactorings make this hard to see where the - NOTE: 20200420: check for bonded connections should go. (eg. 7d9718cfc, - NOTE: 20200420: 718bad60d, etc.) (lamby) - NOTE: 20200513: The hog_connect function doesn't exist in Jessie (bam).. - NOTE: 20200513: See: https://lists.debian.org/debian-lts/2020/05/msg00030.html - NOTE: 20200513: See: https://lists.debian.org/debian-lts/2020/05/msg00038.html (untested patch) - NOTE: 20200513: Another alternative would be to backport the fixed version in Stretch. - NOTE: 20200518: After further discussion (see above thread), stretch backport will be done (roberto) + NOTE: 20200521: Uploaded backport (version 5.43-2+deb8u1), which now must go through NEW (roberto) -- condor NOTE: 20200502: Upstream has only released workarounds; complete fix is still embargoed (roberto) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/53ddcf3b2bd2b252c348e574e0f93f4eb5305dab -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/53ddcf3b2bd2b252c348e574e0f93f4eb5305dab You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] LTS: update notes on tomcat8
Roberto C. Sánchez pushed to branch master at Debian Security Tracker / security-tracker Commits: efc2b254 by Roberto C. Sánchez at 2020-05-21T12:20:01-04:00 LTS: update notes on tomcat8 - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = @@ -103,8 +103,8 @@ squid3 (Markus Koschany) NOTE: 20200518: Ongoing work on squid3 in Stretch which will be used for Jessie NOTE: 20200518: and Stretch. -- -tomcat8 - In d8fb8968ba9d89b4fd62e6570ad78b2efa8b7635 the DLA was reserved but not uploaded. +tomcat8 (Markus Koschany) + NOTE: 20200521: One patch resulted to have a bug that had to be fixed; new CVE also released. (roberto) -- transmission (Thorsten Alteholz) -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/efc2b254109ba691fa7d0c212f7b369d7d39fd84 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/efc2b254109ba691fa7d0c212f7b369d7d39fd84 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] LTS: Update notes for bluez
Roberto C. Sánchez pushed to branch master at Debian Security Tracker / security-tracker Commits: 399fe2dc by Roberto C. Sánchez at 2020-05-18T16:14:45-04:00 LTS: Update notes for bluez - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = @@ -34,6 +34,7 @@ bluez (Roberto C. Sánchez) NOTE: 20200513: See: https://lists.debian.org/debian-lts/2020/05/msg00030.html NOTE: 20200513: See: https://lists.debian.org/debian-lts/2020/05/msg00038.html (untested patch) NOTE: 20200513: Another alternative would be to backport the fixed version in Stretch. + NOTE: 20200518: After further discussion (see above thread), stretch backport will be done (roberto) -- clamav (Utkarsh Gupta) -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/399fe2dcbaf0e40e1f678f8e78f8aa45a8fcea3b -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/399fe2dcbaf0e40e1f678f8e78f8aa45a8fcea3b You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits