[Git][security-tracker-team/security-tracker][master] Add notes for claimed packages

Utkarsh Gupta utkarsh at debian.org
Sun Nov 22 22:58:49 GMT 2020 


Utkarsh Gupta pushed to branch master at Debian Security Tracker / security-tracker


Commits:
68fd0374 by Utkarsh Gupta at 2020-11-23T04:27:54+05:30
Add notes for claimed packages

- - - - -


1 changed file:

- data/dla-needed.txt


Changes:

=====================================
data/dla-needed.txt
=====================================
@@ -58,15 +58,20 @@ imagemagick (Roberto C. Sánchez)
 --
 influxdb
 --
-intel-microcode (Utkarsh)
+intel-microcode
   NOTE: 20201117: hold off the update until it's settled in unstable, at least.
   NOTE: 20201117: each round of updates had caused regressions. Thanks Moritz! (utkarsh)
+  NOTE: 20201122: the patch is ready but after discussing with the security team, hold on
+  NOTE: 20201122: this update for 2 weeks to first let it land in buster. (utkarsh)
+  NOTE: 20201122: Utkarsh will upload once its confirmed that there is no regression
+  NOTE: 20201122: and is actively tracking it. (utkarsh)
 --
 jupyter-notebook (Chris Lamb)
   NOTE: 20201120: Defer upload for a week or so. Last DLA release was less than a month (abhijith)
 --
 lemonldap-ng (Utkarsh)
   NOTE: 20200910: Released a DLA for CVE-2020-24660 a few days ago, so could defer. (lamby)
+  NOTE: 20201122: still waiting to hear from upstream. (utkarsh)
 --
 libhibernate3-java
   NOTE: 20201115: No patch yet; unsure if version in LTS is vulnerable. (lamby)
@@ -92,9 +97,10 @@ musl (Utkarsh)
 --
 mutt (Adrian Bunk)
 --
-open-build-service (Utkarsh)
+open-build-service
   NOTE: 20201001: upstream is yet to work on CVE-2020-8021. Pinged them.
   NOTE: 20201001: cf: https://bugzilla.suse.com/show_bug.cgi?id=1171649 (utkarsh)
+  NOTE: 20201122: regression noticed; let the fix be exposed in sid for a week or two. (utkarsh)
 --
 opendmarc
   NOTE: 20200719: no patches for remaining CVEs available, everything else is already done in Stretch (thorsten)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/68fd03746fcccf88d61518fbd9b52cf45185ee87

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/68fd03746fcccf88d61518fbd9b52cf45185ee87
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20201122/38e69340/attachment-0001.html>

More information about the debian-security-tracker-commits mailing list