[Git][security-tracker-team/security-tracker][master] dla-needed: reclaim packages, update notes

Hugo Lefeuvre hle at debian.org
Sun Jul 21 22:31:31 BST 2019



Hugo Lefeuvre pushed to branch master at Debian Security Tracker / security-tracker


Commits:
03c3eede by Hugo Lefeuvre at 2019-07-21T21:30:30Z
dla-needed: reclaim packages, update notes

I am still working on faad2 and hdf5, still waiting for answers from
upstream in both cases.

My work on libsdl-image made progress, uploads will happen once I've
finished testing them.

I am still investigating issues in libsdl.

Not sure why pound is still in dla-needed since the only issue was
marked no-dsa in jessie. Planning to take a look.

- - - - -


1 changed file:

- data/dla-needed.txt


Changes:

=====================================
data/dla-needed.txt
=====================================
@@ -15,10 +15,11 @@ asterisk
 cfengine3 (Mike Gabriel)
   NOTE: 20190628: likely not affected by CVE-2019-9929, but other not-yet-CVE'ed issues ahead
 --
-faad2
+faad2 (Hugo Lefeuvre)
   NOTE: 20190519: I have a few patches pending for open issues. Will be PR-ed soon.
   NOTE: 20190525: see https://github.com/knik0/faad2/pull/36
   NOTE: 20190610: still waiting for review, currently discussing with Fabian
+  NOTE: 20190721: still no answer, will ping Fabian
 --
 firefox-esr
 --
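Review bot: the 20190721 note added under faad2 records only that a ping is planned. The entry has been waiting on review of https://github.com/knik0/faad2/pull/36 since the 20190525 note, so it would help to state whether the pending patches will be uploaded without upstream review if the ping also goes unanswered.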
@@ -32,12 +33,13 @@ glib2.0 (Mike Gabriel)
 golang-go.crypto
   NOTE: 20190707: Check that an upload of this will not require reverse build-deps to also be recompiled (see previous golang uploads?). (lamby)
 --
-hdf5
+hdf5 (Hugo Lefeuvre)
   NOTE: 20190511: upstream was not aware of our undetermined issues. They have assigned
   NOTE: a Jira issue for this: https://jira.hdfgroup.org/browse/HDFFV-10755 (hle)
   NOTE: 20190610: ongoing work. Currently thinking of releasing a first DLA
   NOTE: fixing the first few issues with patch available, but this would logically
   NOTE: imply to first prepare a buster update.
+  NOTE: 20190721: preparing a first upload. will ping upstream as well.
 --
 imagemagick (Mike Gabriel)
 --
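Review bot: the 20190721 note added under hdf5, "preparing a first upload", does not say which suite the upload targets. The 20190610 note above it says a first DLA would imply preparing a buster update first, so name the target (buster update or jessie DLA) and say which of the issues the upload covers.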
@@ -65,15 +67,14 @@ libqb
   NOTE: 20190616: wherever it uses c->pid w/NAME_MAX. (lamby)
   NOTE: 20190619: See https://lists.debian.org/debian-lts/2019/06/msg00015.html
 --
-libsdl1.2
+libsdl1.2 (Hugo Lefeuvre)
   NOTE: see libsdl2 entry.
 --
 libsdl2 (Hugo Lefeuvre)
-  NOTE: I have written patches, and they were merged by upstream a few days ago.
-  NOTE: upload will happen tomorrow.
+  NOTE: checking the two last open issues.
 --
-libsdl2-image
-  NOTE: see libsdl2 entry.
+libsdl2-image (Hugo Lefeuvre)
+  NOTE: currently testing the update, will happen soon.
 --
 libxslt (Markus Koschany
   NOTE: 20190701: the Security Team doesn't want us to mark when jessie was explicitely tested as unfixed, so writing it here (beuc)
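Review bot: the replacement notes under libsdl2 and libsdl2-image are undated, while the other notes added in this commit carry a 20190721 prefix. Prefix them the same way so a later reader can tell how stale "checking the two last open issues" and "will happen soon" are. Naming the two open issues in the libsdl2 note would also make the libsdl1.2 entry, which only points here, easier to follow.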
@@ -90,8 +91,10 @@ otrs2 (Abhijith PA)
 --
 php5
 --
-pound
+pound (Hugo Lefeuvre)
   NOTE: 20190715: https://salsa.debian.org/debian/pound/blob/jessie/debian/patches/0009-CVE-2016-1071.patch
+  NOTE: check, not sure why this is still in dla-needed since the only issue was triaged no-dsa in
+  NOTE: jessie (hle)
 --
 proftpd-dfsg (Markus Koschany)
 --
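Review bot: the two NOTE lines added under pound have no date and do not name the issue that was triaged no-dsa, while the 20190715 note directly above links a patch in the jessie branch. Add the 20190721 prefix and the CVE id, and if the check confirms there is nothing left to fix, drop the entry from dla-needed instead of keeping it claimed.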
@@ -113,12 +116,13 @@ ruby-openid
   NOTE: 20190705: Pinged bug (lamby)
   NOTE: 20190710: I'm at a loss to how to continue persuing this issue (see https://github.com/openid/ruby-openid/issues/122) so returning to the pool. (lamby)
 --
-sdl-image1.2
-  NOTE: see libsdl2 entry.
+sdl-image1.2 (Hugo Lefeuvre)
+  NOTE: see libsdl2-image entry.
 --
 slurm-llnl
 --
 sox
+  NOTE: 20190721: no patch available (hle)
 --
 sqlite3
   NOTE: CVE-2019-8457: Should be ignored, based on the discussion on debian-lts:
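Review bot: the note added under sox, "no patch available (hle)", does not say which issue lacks a patch, and the entry stays unclaimed, so the next person to pick it up has to repeat the search. List the CVE ids that were checked or link the upstream report.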



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/03c3eedede357463700cfceba021029413b05ab4
