[Git][security-tracker-team/security-tracker][master] dla-needed: update tika and hdf5 entries, claim clamav

Hugo Lefeuvre hle at debian.org
Sat Aug 10 08:03:00 BST 2019 


Hugo Lefeuvre pushed to branch master at Debian Security Tracker / security-tracker


Commits:
1938fcf1 by Hugo Lefeuvre at 2019-08-10T07:02:18Z
dla-needed: update tika and hdf5 entries, claim clamav

- - - - -


1 changed file:

- data/dla-needed.txt


Changes:

=====================================
data/dla-needed.txt
=====================================
@@ -10,7 +10,7 @@ this list is updated have a look at
 https://wiki.debian.org/LTS/Development#Triage_new_security_issues
 
 --
-clamav
+clamav (Hugo Lefeuvre)
  NOTE: 20190810: Previous updates appear to have been backports, not direct fixes. (lamby)
 --
 dnsmasq (Mike Gabriel)
@@ -32,11 +32,9 @@ golang-go.crypto
   NOTE: 20190707: Check that an upload of this will not require reverse build-deps to also be recompiled (see previous golang uploads?). (lamby)
 --
 hdf5 (Hugo Lefeuvre)
-  NOTE: 20190724: Upstream is aware of currently open issues. Progress is slow,
-  NOTE: but we can expect fixes for the next release. In any case, I will ping
-  NOTE: them afterwards to take stock of the situation. We should wait until
-  NOTE: then before releasing a jessie update (this should not take too much
-  NOTE: time anymore, given the release pace until now).
+  NOTE: 20190810: Upstream is aware of currently open issues. Progress is slow,
+  NOTE: wait for the next HDF5 point release and either do full package upgrade
+  NOTE: or cherry pick fixes.
 --
 imagemagick (Hugo Lefeuvre)
   NOTE: 20190809: almost done with triage. one issue really deserves a DLA, a few others
@@ -138,6 +136,7 @@ tika (Hugo Lefeuvre)
   NOTE: https://github.com/apache/tika/commit/426be73b9e7500fa3d441231fa4e473de34743f6
   NOTE: contacted tika developers to get confirmation:
   NOTE: https://lists.apache.org/thread.html/fb6c84fd387de997e5e366d50b0ca331a328c466432c80f8c5eed33d@%3Cdev.tika.apache.org%3E
+  NOTE: 20190810: got answer privately, they should be able to confirm next week
 --
 tomcat8 (Sylvain Beucler)
 --



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/1938fcf10a8d9812ac3c457be15fe36ffd0e9583

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/1938fcf10a8d9812ac3c457be15fe36ffd0e9583
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20190810/ab527c23/attachment-0001.html>

More information about the debian-security-tracker-commits mailing list