[Git][security-tracker-team/security-tracker][master] dla: prepare dla-needed.txt for bullseye-lts; import bullseye work from dsa-needed.txt

Sylvain Beucler (@beuc) gitlab at salsa.debian.org
Mon Aug 12 16:05:16 BST 2024



Sylvain Beucler pushed to branch master at Debian Security Tracker / security-tracker


Commits:
9e077d30 by Sylvain Beucler at 2024-08-12T17:04:21+02:00
dla: prepare dla-needed.txt for bullseye-lts; import bullseye work from dsa-needed.txt

- - - - -


1 changed file:

- + data/dla-needed.prospective


Changes:

=====================================
data/dla-needed.prospective
=====================================
@@ -0,0 +1,157 @@
+An LTS security update is needed for the following source packages.
+
+To add a new entry, please coordinate with this week's Front-Desk
+person, and use the 'package-operations' LTS tool.
+
+The specific CVE IDs do not need to be listed, they can be gathered in an up-to-date manner from
+https://security-tracker.debian.org/tracker/source-package/SOURCEPACKAGE
+when working on an update.
+
+A note to Freexian contributors/collaborators: when selecting what
+package to work on first, please use:
+  ./find-work
+  https://freexian.gitlab.io/services/deblts-team/documentation/lts/information-for-lts-contributors.html
+  (private for now)
+to sort packages by priority and display important notes about the
+package (special attention, VCS, testing procedures, programming
+language, maintainers to coordinate with, etc.).
+
+To work on a package, simply add your name behind it. To learn more about how
+this list is updated have a look at
+https://lts-team.pages.debian.net/wiki/Development.html#triage-new-security-issues
+
+To make it easier to see the entire history of an update, please append notes
+rather than remove/replace existing ones.
+
+NOTE: IMPORTANT: Last point update planned 2024-08-31 (2 weeks after)
+NOTE: IMPORTANT: During 2024-07/08, make sure you do NOT conflict with
+NOTE: IMPORTANT: a prepared upload for bullseye's last point release, see:
+NOTE: IMPORTANT: https://bugs.debian.org/cgi-bin/pkgreport.cgi?users=release.debian.org@packages.debian.org;tag=pu
+
+--
+bind9
+  NOTE: 20240729: Added by oldstable Security Team (carnil)
+  NOTE: 20240729: Followup improvement for bullseye, though candidate as well for pu (carnil)
+  NOTE: 20240812: https://lists.debian.org/debian-security/2024/07/msg00009.html
+  NOTE: 20240812: A bookworm DSA is planned (Beuc/front-desk)
+--
+cacti (Bastien Roucarès)
+  NOTE: 20240522: Added by oldstable Security Team (jmm)
+  NOTE: 20240812: A bookworm DSA is planned (Beuc/front-desk)
+--
+calibre
+  NOTE: 20240808: Added by oldstable Security Team (carnil)
+  NOTE: 20240812: A bookworm DSA is planned (Beuc/front-desk)
+--
+cinder (Thomas Goirand)
+  NOTE: 20240704: Added by oldstable Security Team (carnil)
+  NOTE: 20240812: A bookworm DSA is planned (Beuc/front-desk)
+  NOTE: 20240812: zigo prepared bullseye packages, cf. http://osbpo.debian.net/deb-status/ (Beuc/front-desk)
+--
+dnsmasq (Lee Garrett)
+  NOTE: 20240313: Added by oldstable Security Team (jmm)
+  NOTE: 20240802: CVE-2023-28450 is trivial to fix, however CVE-2023-50387 and CVE-2023-50868
+  NOTE: 20240802: look quite disruptive. Contacting maintainer to consult on the best course of
+  NOTE: 20240802: action. (lee)
+  NOTE: 20240812: A bookworm DSA is planned (Beuc/front-desk)
+--
+ffmpeg
+  NOTE: 20240812: Added by Front-Desk (Beuc)
+  NOTE: 20240812: Upgrade to 4.3.8 (Beuc/front-desk)
+--
+frr (Tobias Frost)
+  NOTE: 20231107: Added by oldstable Security Team (jmm)
+  NOTE: 20240404: Tobias Frost (tobi) proposed to work on preparing an update (carnil)
+  NOTE: 20240525: discussion with Debian maintainer for status on bullseye + updates (carnil)
+--
+ghostscript
+  NOTE: 20240718: Added by oldstable Security Team (carnil)
+  NOTE: 20240812: A bookworm DSA is planned
+  NOTE: 20240812: Coordinate bullseye update with carnil (Beuc/front-desk)
+--
+git
+  NOTE: 20240522: Added by oldstable Security Team (jmm)
+  NOTE: 20240525: Maintainer is queried to prepare an update (carnil)
+  NOTE: 20240617: prepared bookworm update, bullseye not yet done (carnil)
+  NOTE: 20240812: A bookworm DSA is planned
+  NOTE: 20240812: coordinate bullseye DLA with maintainer (Beuc/front-desk)
+--
+glance (Thomas Goirand)
+  NOTE: 20240704: Added by oldstable Security Team (carnil)
+  NOTE: 20240812: A bookworm DSA is planned (Beuc/front-desk)
+  NOTE: 20240812: zigo prepared bullseye packages, cf. http://osbpo.debian.net/deb-status/ (Beuc/front-desk)
+--
+h2o
+  NOTE: 20231107: Added by oldstable Security Team (jmm)
+  NOTE: 20240812: A bookworm DSA is planned
+  NOTE: 20240812: coordinate bullseye DLA with secteam (Beuc/front-desk)
+--
+linux (Ben Hutchings)
+  NOTE: 20230111: perma-added for LTS package-specific delegation (bwh)
+--
+netatalk
+  NOTE: 20240807: Added by oldstable Security Team (jmm)
+  NOTE: 20240812: pu in progress but looking stuck https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1060774
+  NOTE: 20240812: coordinate bullseye DLA with uploader (Beuc/front-desk)
+--
+nodejs
+  NOTE: 20240215: Added by oldstable Security Team (jmm)
+  NOTE: 20240521: claim nodejs in dsa-needed.txt (aron)
+  NOTE: 20240812: A bookworm DSA is planned
+  NOTE: 20240812: coordinate bullseye DLA with aron (Beuc/front-desk)
+--
+nova (Thomas Goirand)
+  NOTE: 20240704: Added by oldstable Security Team (carnil)
+  NOTE: 20240812: A bookworm DSA is planned (Beuc/front-desk)
+  NOTE: 20240812: zigo prepared bullseye packages, cf. http://osbpo.debian.net/deb-status/ (Beuc/front-desk)
+--
+python-aiohttp
+  NOTE: 20240523: Added by oldstable Security Team (jmm)
+  NOTE: 20240812: A bookworm DSA is planned (Beuc/front-desk)
+--
+python-asyncssh
+  NOTE: 20240105: Added by oldstable Security Team (jmm)
+  NOTE: 20240812: A bookworm DSA is planned (Beuc/front-desk)
+--
+python-reportlab
+  NOTE: 20240807: Added by oldstable Security Team (jmm)
+  NOTE: 20240812: A bookworm DSA is planned (Beuc/front-desk)
+--
+ring
+  NOTE: 20230301: Added by oldstable Security Team (jmm)
+  NOTE: 20230301: might make sense to rebase to current version (jmm)
+  NOTE: 20240812: A bookworm DSA is planned (Beuc/front-desk)
+--
+roundcube
+  NOTE: 20240805: Added by oldstable Security Team (jmm)
+  NOTE: 20240808: Follow DSA-5743-1 (CVE-2024-42008,9,10) (Beuc/front-desk)
+--
+ruby2.7 (Sylvain Beucler)
+  NOTE: 20230508: Added by stable Security Team (jmm)
+  NOTE: 20240716: Samuel Henrique (samueloph) is working on a update
+  NOTE: 20240801: LTS contribution WIP at https://salsa.debian.org/lts-team/packages/ruby/-/commits/debian/bullseye/ (Beuc)
+--
+setuptools
+  NOTE: 20240730: Added by oldstable Security Team (jmm)
+  NOTE: 20240812: A bookworm DSA is planned (Beuc/front-desk)
+--
+squid
+  NOTE: 20240308: Added by oldstable Security Team (apo)
+  NOTE: 20240308: Readd squid to dsa-needed.txt
+  NOTE: 20240308: There are still unfixed problems in both supported versions. Especially
+  NOTE: 20240308: the fix for CVE-2023-5824 is kind of intrusive. (apo)
+  NOTE: 20240812: A bookworm DSA is planned (Beuc/front-desk)
+--
+trafficserver
+  NOTE: 20240802: Added by oldstable Security Team (jmm)
+  NOTE: 20240812: A bookworm DSA is planned (Beuc/front-desk)
+--
+twisted
+  NOTE: 20240807: Added by oldstable Security Team (jmm)
+  NOTE: 20240812: A bookworm DSA is planned (Beuc/front-desk)
+--
+zabbix
+  NOTE: 20240126: Added by oldstable Security Team (jmm)
+  NOTE: 20240812: sync fixes from bookworm and buster
+  NOTE: 20240812: A bookworm DSA is planned for 8 new CVEs (Beuc/front-desk)
+--
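Review bot: The header line "NOTE: IMPORTANT: Last point update planned 2024-08-31 (2 weeks after)" does not say what the two weeks are counted from, so a contributor reading data/dla-needed.prospective on its own cannot tell which event it refers to; name the event in the note. Among the imported entries, nodejs has no name on its package line although its own note records "claim nodejs in dsa-needed.txt (aron)", which conflicts with the instruction above to "simply add your name behind it"; either carry the claim over to the package line or say in a note that the claim was not imported. The squid note "Readd squid to dsa-needed.txt" and the nodejs claim note both refer to the other file; since the header asks for notes to be appended rather than replaced, a short appended note stating that these were imported from dsa-needed.txt would keep the history readable. The ruby2.7 note dated 20240716 is the only dated group without an author tag in parentheses and would benefit from one.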



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9e077d302fdbe5fd6e2e102ebafe504c4439adc9
