[Git][security-tracker-team/security-tracker][master] Remove webcit from dla-needed.txt

Markus Koschany apo at debian.org
Thu Dec 10 22:42:16 GMT 2020

Markus Koschany pushed to branch master at Debian Security Tracker / security-tracker

96173743 by Markus Koschany at 2020-12-10T22:53:54+01:00
Remove webcit from dla-needed.txt

I am following the release team. The package was removed from Debian
recently. Upstream's recommendation to mitigate some of the vulnerabilities is
to filter URL requests with Nginx.


This can only be a workaround in my opinion. I don't think we should invest
more time into fixing webcit because the package has been removed from Debian
and there is no indication that it will be fixed in Buster. If you disagree,
please readd the package to dla-needed.txt.

- - - - -

1 changed file:

- data/dla-needed.txt


@@ -170,10 +170,6 @@ spip (Abhijith PA)
 tomcat8 (Utkarsh)
-webcit (Markus Koschany)
-  NOTE: 20201130: Requested more information from upstream. Currently patches
-  NOTE: or workarounds are not available.
   NOTE: 20201007: during last triage, I marked some CVEs as no-dsa, it'd be great to include
   NOTE: 20201007: those fixes as well! \o/ (utkarsh)

View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9617374395f2dfd2831570e8af8fd0dfb72d4aa8

View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9617374395f2dfd2831570e8af8fd0dfb72d4aa8
You're receiving this email because of your account on salsa.debian.org.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20201210/a942c865/attachment.html>

More information about the debian-security-tracker-commits mailing list