[Git][security-tracker-team/security-tracker][master] Add notes for packages

Tue May 3 13:39:20 BST 2022


Utkarsh Gupta pushed to branch master at Debian Security Tracker / security-tracker


Commits:
f183d0ef by Utkarsh Gupta at 2022-05-03T18:08:55+05:30
Add notes for packages

- - - - -


1 changed file:

- data/dla-needed.txt


Changes:

=====================================
data/dla-needed.txt
=====================================
@@ -42,11 +42,11 @@ composer: (Markus Koschany)
   NOTE: 20220424: programming language PHP
   NOTE: 20220424: check whether really affected (Anton)
 --
-debian-security-support
+debian-security-support (Utkarsh)
   NOTE: 20220402: need to update the list of unsupported packages (Beuc)
   NOTE: 20220402: check debian/README.source, sync with h01ger, and announce EOL'd packages (Beuc)
   NOTE: 20220402: context: https://lists.debian.org/debian-lts/2022/04/msg00000.html (Beuc)
-  NOTE: 20220419: backport prepped, will contact Holger for more details. (utkarsh)
+  NOTE: 20220502: backport prepped, will contact Holger for more details. (utkarsh)
 --
 ffmpeg (enrico)
   NOTE: 20220503: update to 3.2.17 (pochu)
@@ -105,14 +105,17 @@ linux-4.19 (Ben Hutchings)
 mariadb-10.1
   NOTE: 20220222: Can be risky. Please consider backporting mariadb-10.3. See discussion https://lists.debian.org/debian-lts/2022/02/msg00005.html and coordinate with maintainer (Anton)
 --
-mbedtls
+mbedtls (Utkarsh)
   NOTE: 20220404: update prepared, needs testing. (utkarsh)
   NOTE: 20220419: waiting for a quick feedback from carnil. (utkarsh)
+  NOTE: 20220502: will upload with 1 fix and mark the other one
+  NOTE: 20220502: as no-dsa today/tomorrow. (utkarsh)
 --
 mruby (Abhijith PA)
   NOTE: https://people.debian.org/~abhijith/upload/mruby/mruby_1.2.0+20161228+git30d5424a-1+deb9u1.dsc (abhijith)
 --
 mutt (Utkarsh)
+  NOTE: 20220502: update prepared. smoke test pending. (utkarsh)
 --
 nvidia-cuda-toolkit
    NOTE: 20220331: package is in non-free but also in packages-to-support (Beuc)
@@ -140,6 +143,7 @@ ring (Abhijith PA)
 ruby-devise-two-factor
   NOTE: 20220427: Patch does not apply cleanly to LTS version, may be due to this being the result
   NOTE: 20220427: of an incomplete fix to CVE-2015-7225. Will require some investigation. (lamby)
+  NOTE: 20220502: should be marked as no-dsa; will send more details on the list. (utkarsh)
 --
 salt
 --
@@ -165,10 +169,11 @@ subversion (Roberto C. Sánchez)
   NOTE: 20220422: and, once applied manually, appears to break multiple and possibly unrelated parts of the testsuite. (lamby)
   NOTE: 20220501: Done some analysis, worked on a patch, cannot find a way to test it, mailed results to Roberto C. Sánchez (enrico)
 --
-tiff
+tiff (Utkarsh)
   NOTE: 20220404: jessie upload at https://salsa.debian.org/lts-team/packages/tiff.
   NOTE: 20220404: if that works out well, I'll roll the same for stretch. (utkarsh)
   NOTE: 20220419: new CVE reported; waiting to see if there are more. (utkarsh)
+  NOTE: 20220502: will collate the new CVEs and update the package. (utkarsh)
 --
 twig (Markus Koschany)
   NOTE: 20220402: cf. DSA-5107-1; similar code in lib/Twig/Extension/Core.php (Beuc)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f183d0effce18ad962a639c9f5720227f709d326

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f183d0effce18ad962a639c9f5720227f709d326
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20220503/1b411124/attachment-0001.htm>
