[Git][security-tracker-team/security-tracker][master] 9 commits: add-dsa-needed: Only list packages for stable for dsa-needed list
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Mon Aug 1 13:03:12 BST 2022
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
7ad022cb by Salvatore Bonaccorso at 2022-08-01T06:39:39+02:00
add-dsa-needed: Only list packages for stable for dsa-needed list
Signed-off-by: Salvatore Bonaccorso <carnil at debian.org>
- - - - -
4c34d7c7 by Salvatore Bonaccorso at 2022-08-01T06:39:39+02:00
DLA template: Switch to mention buster as the LTS release
Signed-off-by: Salvatore Bonaccorso <carnil at debian.org>
- - - - -
01fd23e1 by Salvatore Bonaccorso at 2022-08-01T06:39:39+02:00
DSA template: Do not mention the oldstable distribution
Support by Debian security team for buster/oldstable is moving to the
LTS team and no further updates are issued for buster/oldstable via a
DSA.
Signed-off-by: Salvatore Bonaccorso <carnil at debian.org>
- - - - -
a049561b by Salvatore Bonaccorso at 2022-08-01T06:39:39+02:00
security-team overview: Do not mention buster-security anymore
Signed-off-by: Salvatore Bonaccorso <carnil at debian.org>
- - - - -
b6d962a0 by Salvatore Bonaccorso at 2022-08-01T06:54:53+02:00
config.json: Reduce list of supported architectures for buster under LTS support
Signed-off-by: Salvatore Bonaccorso <carnil at debian.org>
- - - - -
f68f19f5 by Salvatore Bonaccorso at 2022-08-01T06:54:53+02:00
distributions.json: Move support of buster to LTS team
distributions.json is used by reportbug to decide where to redirect
potential regression reports. Move support for buster to the LTS team.
Signed-off-by: Salvatore Bonaccorso <carnil at debian.org>
- - - - -
86c98a94 by Salvatore Bonaccorso at 2022-08-01T06:54:53+02:00
LTS templates: Replace use of Stretch with Buster
Signed-off-by: Salvatore Bonaccorso <carnil at debian.org>
- - - - -
1210b3fe by Salvatore Bonaccorso at 2022-08-01T06:54:53+02:00
LTS: When checking for missing lts uploads use buster sources
Signed-off-by: Salvatore Bonaccorso <carnil at debian.org>
- - - - -
ff62784b by Salvatore Bonaccorso at 2022-08-01T12:03:04+00:00
Merge branch 'end-of-life-security-support-buster' into 'master'
End of life security support buster
See merge request security-tracker-team/security-tracker!105
- - - - -
10 changed files:
- bin/add-dsa-needed.sh
- bin/lts-missing-uploads
- data/config.json
- doc/DLA.template
- doc/DSA.template
- doc/security-team.d.o/index
- static/distributions.json
- templates/lts-no-dsa.txt
- templates/lts-update-planned-minor.txt
- templates/lts-update-planned.txt
Changes:
=====================================
bin/add-dsa-needed.sh
=====================================
@@ -20,7 +20,7 @@
set -eu
-include_oldstable=true
+include_oldstable=false
turl="https://security-tracker.debian.org/tracker/status/release"
[ -f data/dsa-needed.txt ] || {
=====================================
bin/lts-missing-uploads
=====================================
@@ -28,7 +28,7 @@ from debian.debian_support import Version
class LTSMissingUploads(object):
MONTHS = 6
- SOURCES = ['http://security.debian.org/dists/stretch/updates/{}/source/Sources.gz'.format(component)
+ SOURCES = ['http://security.debian.org/dists/buster/updates/{}/source/Sources.gz'.format(component)
for component in ('main', 'contrib', 'non-free')]
re_line = re.compile(
=====================================
data/config.json
=====================================
@@ -81,7 +81,7 @@
"buster-proposed-updates"
]
},
- "architectures": [ "amd64", "arm64", "armel", "armhf", "i386", "mips", "mips64el", "mipsel", "ppc64el", "s390x" ],
+ "architectures": [ "amd64", "arm64", "armhf", "i386" ],
"release": "oldstable"
},
"bullseye": {
=====================================
doc/DLA.template
=====================================
@@ -9,14 +9,14 @@ $SPACEDDATE https://wiki.debian.org/LTS
-------------------------------------------------------------------------
Package : $PACKAGE
-Version : $stretch_VERSION
+Version : $buster_VERSION
CVE ID : $CVE
Debian Bug : $BUGNUM
$TEXT
-For Debian 9 stretch, this problem has been fixed in version
-$stretch_VERSION.
+For Debian 10 buster, this problem has been fixed in version
+$buster_VERSION.
We recommend that you upgrade your $PACKAGE packages.
=====================================
doc/DSA.template
=====================================
@@ -14,9 +14,6 @@ Debian Bug : $BUGNUM
$TEXT
-For the oldstable distribution ($OLDSTABLE), this problem has been fixed
-in version $$OLDSTABLE_VERSION.
-
For the stable distribution ($STABLE), this problem has been fixed in
version $$STABLE_VERSION.
=====================================
doc/security-team.d.o/index
=====================================
@@ -1,11 +1,9 @@
<table style="margin: 0 auto 0 auto;width: 100%;text-align:center;">
<tbody>
- <tr><th>buster 10</th><th>bullseye 11</th><th>bookworm 12</th><th>sid</th></tr>
- <tr><th>buster-security</th><th>bullseye-security</th><th>testing</th><th>unstable</th></tr>
+ <tr><th>bullseye 11</th><th>bookworm 12</th><th>sid</th></tr>
+ <tr><th>bullseye-security</th><th>testing</th><th>unstable</th></tr>
<tr>
<td valign="top">
- <a href="https://security-tracker.debian.org/tracker/status/release/oldstable">Vulnerable Packages</a><br\>
- </td><td valign="top">
<a href="https://security-tracker.debian.org/tracker/status/release/stable">Vulnerable Packages</a><br\>
</td><td valign="top">
<a href="https://security-tracker.debian.org/tracker/status/release/testing">Vulnerable Packages</a><br\>
@@ -13,8 +11,6 @@
<a href="https://security-tracker.debian.org/tracker/status/release/unstable">Vulnerable Packages</a><br\>
</td></tr>
<tr><td valign="top">
- <a href="https://salsa.debian.org/security-tracker-team/security-tracker/raw/master/data/next-oldstable-point-update.txt">Next (oldstable) point update</a><br\>
- </td><td valign="top">
<a href="https://salsa.debian.org/security-tracker-team/security-tracker/raw/master/data/next-point-update.txt">Next point update</a><br\>
</td><td valign="top">
Next point update<br\>
=====================================
static/distributions.json
=====================================
@@ -16,8 +16,8 @@
},
"buster": {
"major-version": "10",
- "support": "security",
- "contact": "team at security.debian.org"
+ "support": "lts",
+ "contact": "debian-lts at lists.debian.org"
},
"bullseye": {
"major-version": "11",
=====================================
templates/lts-no-dsa.txt
=====================================
@@ -1,12 +1,12 @@
Content-Type: text/plain; charset=utf-8
To: {{ to }}
Cc: {{ cc }}
-Subject: About the security issues affecting {{ package }} in Stretch
+Subject: About the security issues affecting {{ package }} in Buster
Dear maintainer(s),
The Debian LTS team recently reviewed the security issue(s) affecting your
-package in Stretch:
+package in Buster:
{%- if cve -%}
{% for entry in cve %}
https://security-tracker.debian.org/tracker/{{ entry }}
@@ -15,10 +15,10 @@ https://security-tracker.debian.org/tracker/{{ entry }}
https://security-tracker.debian.org/tracker/source-package/{{ package }}
{%- endif %}
-We decided that we would not prepare a stretch security update (usually
+We decided that we would not prepare a buster security update (usually
because the security impact is low and that we concentrate our limited
resources on higher severity issues and on the most widely used packages).
-That said the stretch users would most certainly benefit from a fixed
+That said the buster users would most certainly benefit from a fixed
package.
If you want to work on such an update, you're welcome to do so. Please
=====================================
templates/lts-update-planned-minor.txt
=====================================
@@ -1,10 +1,10 @@
Content-Type: text/plain; charset=utf-8
To: {{ to }}
Cc: {{ cc }}
-Subject: Stretch update of {{ package }} (minor security issues)?
+Subject: Buster update of {{ package }} (minor security issues)?
The Debian LTS team recently reviewed the security issue(s) affecting your
-package in Stretch:
+package in Buster:
{%- if cve -%}
{% for entry in cve %}
https://security-tracker.debian.org/tracker/{{ entry }}
@@ -17,7 +17,7 @@ We decided that a member of the LTS team should take a look at this
package, although the security impact of still open issues is low. When
resources are available on our side, one of the LTS team members will
start working on fixes for those minor security issues, as we think that
-the stretch users would most certainly benefit from a fixed package.
+the buster users would most certainly benefit from a fixed package.
If you'd rather want to work on such an update yourself, you're welcome
to do so. Please send us a short notification to the debian-lts mailing
=====================================
templates/lts-update-planned.txt
=====================================
@@ -1,12 +1,12 @@
Content-Type: text/plain; charset=utf-8
To: {{ to }}
Cc: {{ cc }}
-Subject: Stretch update of {{ package }}?
+Subject: Buster update of {{ package }}?
Dear maintainer(s),
The Debian LTS team would like to fix the security issues which are
-currently open in the Stretch version of {{ package }}:
+currently open in the Buster version of {{ package }}:
{%- if cve -%}
{% for entry in cve %}
https://security-tracker.debian.org/tracker/{{ entry }}
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/1e39a8f9c4324895bc4354ae2121ad90a60d5fff...ff62784b91e8d93e8d6918f7074e2212a87c2b89
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/1e39a8f9c4324895bc4354ae2121ad90a60d5fff...ff62784b91e8d93e8d6918f7074e2212a87c2b89
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20220801/57a98eec/attachment-0001.htm>
More information about the debian-security-tracker-commits
mailing list