[Git][security-tracker-team/security-tracker][master] dla: prospective: finish importing packages from dsa-needed + bullseye-only packages

Sylvain Beucler (@beuc) gitlab at salsa.debian.org
Mon Aug 12 17:43:59 BST 2024 


Sylvain Beucler pushed to branch master at Debian Security Tracker / security-tracker


Commits:
c7fcf185 by Sylvain Beucler at 2024-08-12T18:32:03+02:00
dla: prospective: finish importing packages from dsa-needed + bullseye-only packages

- - - - -


1 changed file:

- data/dla-needed.prospective


Changes:

=====================================
data/dla-needed.prospective
=====================================
@@ -1,3 +1,7 @@
+* 
+* Prospective dla-needed.txt, to prepare for bullseye-lts handover on 2024-08-15
+* 
+
 An LTS security update is needed for the following source packages.
 
 To add a new entry, please coordinate with this week's Front-Desk
@@ -28,6 +32,12 @@ NOTE: IMPORTANT: During 2024-07/08, make sure you do NOT conflict with
 NOTE: IMPORTANT: a prepared upload for bullseye's last point release, see:
 NOTE: IMPORTANT: https://bugs.debian.org/cgi-bin/pkgreport.cgi?users=release.debian.org@packages.debian.org;tag=pu
 
+--
+anki
+  NOTE: 20240812: Added by Front-Desk (Beuc)
+--
+asterisk
+  NOTE: 20240812: Added by Front-Desk (Beuc)
 --
 bind9
   NOTE: 20240729: Added by oldstable Security Team (carnil)
@@ -72,7 +82,7 @@ ghostscript
 git
   NOTE: 20240522: Added by oldstable Security Team (jmm)
   NOTE: 20240525: Maintainer is queried to prepare an update (carnil)
-  NOTE: 20240617: prepared bookworm update, bullseye not yet done (carnil)
+  NOTE: 20240617: Maintainer prepared bookworm update, bullseye not yet done (carnil)
   NOTE: 20240812: A bookworm DSA is planned
   NOTE: 20240812: coordinate bullseye DLA with maintainer (Beuc/front-desk)
 --
@@ -81,6 +91,11 @@ glance (Thomas Goirand)
   NOTE: 20240812: A bookworm DSA is planned (Beuc/front-desk)
   NOTE: 20240812: zigo prepared bullseye packages, cf. http://osbpo.debian.net/deb-status/ (Beuc/front-desk)
 --
+gpac
+  NOTE: 20240812: Added by Front-Desk (Beuc)
+  NOTE: 20240812: Considered for EOL
+  NOTE: 20240812: https://lists.debian.org/debian-lts/2024/08/msg00004.html (Beuc/front-desk)
+--
 h2o
   NOTE: 20231107: Added by oldstable Security Team (jmm)
   NOTE: 20240812: A bookworm DSA is planned
@@ -89,6 +104,11 @@ h2o
 linux (Ben Hutchings)
   NOTE: 20230111: perma-added for LTS package-specific delegation (bwh)
 --
+nbconvert (Guilhem Moulin)
+  NOTE: 20240508: Added by stable Security Team (jmm)
+  NOTE: 20240604: Guilhem Moulin proposed an update ready for review (carnil)
+  NOTE: 20240812: Follow fixes from DLA-3442-1 (CVE-2021-32862) (Beuc/front-desk)
+--
 netatalk
   NOTE: 20240807: Added by oldstable Security Team (jmm)
   NOTE: 20240812: pu in progress but looking stuck https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1060774
@@ -105,6 +125,16 @@ nova (Thomas Goirand)
   NOTE: 20240812: A bookworm DSA is planned (Beuc/front-desk)
   NOTE: 20240812: zigo prepared bullseye packages, cf. http://osbpo.debian.net/deb-status/ (Beuc/front-desk)
 --
+php-horde-mime-viewer (Mike Gabriel)
+  NOTE: 20220622: Added by stable Security Team (jmm)
+  NOTE: 20240812: considered for EOL, sunweaver to work on an update
+  NOTE: 20240812: https://lists.debian.org/debian-lts/2024/08/msg00023.html (Beuc/front-desk)
+--
+php-horde-turba (Mike Gabriel)
+  NOTE: 20220607: Added by stable Security Team (jmm)
+  NOTE: 20240812: considered for EOL, sunweaver to work on an update
+  NOTE: 20240812: https://lists.debian.org/debian-lts/2024/08/msg00023.html (Beuc/front-desk)
+--
 python-aiohttp
   NOTE: 20240523: Added by oldstable Security Team (jmm)
   NOTE: 20240812: A bookworm DSA is planned (Beuc/front-desk)
@@ -113,6 +143,9 @@ python-asyncssh
   NOTE: 20240105: Added by oldstable Security Team (jmm)
   NOTE: 20240812: A bookworm DSA is planned (Beuc/front-desk)
 --
+python-html-sanitizer
+  NOTE: 20240812: Added by Front-Desk (Beuc)
+--
 python-reportlab
   NOTE: 20240807: Added by oldstable Security Team (jmm)
   NOTE: 20240812: A bookworm DSA is planned (Beuc/front-desk)
@@ -126,6 +159,28 @@ roundcube
   NOTE: 20240805: Added by oldstable Security Team (jmm)
   NOTE: 20240808: Follow DSA-5743-1 (CVE-2024-42008,9,10) (Beuc/front-desk)
 --
+ruby-httparty
+  NOTE: 20240812: Added by Front-Desk (Beuc)
+  NOTE: 20240812: Follow fixes from DLA-3716-1 (CVE-2024-22049) (Beuc/front-desk)
+--
+ruby-nokogiri
+  NOTE: 20221005: Added by stable Security Team (jmm)
+  NOTE: 20240812: Follow fixes from DLA-3149-1 (CVE-2022-24836) (Beuc/front-desk)
+--
+ruby-rails-html-sanitizer
+  NOTE: 20230901: Added by oldstable Security Team (jmm)
+  NOTE: 20240812: Follow fixes from DLA-3566-1 and DLA-3227-1 (5 CVEs) (Beuc/front-desk)
+--
+ruby-sinatra
+  NOTE: 20230321: Added by stable Security Team (carnil)
+  NOTE: 20230321: Maintainer posted packaging repository link with proposed changes for review (carnil)
+  NOTE: 20240812: Follow fixes from DLA-3264-1 (CVE-2022-45442)
+  NOTE: 20240812: Coordinate with maintainer to review and publish https://salsa.debian.org/ruby-team/ruby-sinatra/-/blob/bullseye/debian/changelog (Beuc/front-desk)
+--
+ruby-tzinfo
+  NOTE: 20240723: Added by stable Security Team (jmm)
+  NOTE: 20240812: Follow fixes from DLA-3077-1 (CVE-2022-31163) (Beuc/front-desk)
+--
 ruby2.7 (Sylvain Beucler)
   NOTE: 20230508: Added by stable Security Team (jmm)
   NOTE: 20240716: Samuel Henrique (samueloph) is working on a update
@@ -142,6 +197,9 @@ squid
   NOTE: 20240308: the fix for CVE-2023-5824 is kind of intrusive. (apo)
   NOTE: 20240812: A bookworm DSA is planned (Beuc/front-desk)
 --
+tinyproxy
+  NOTE: 20240812: Added by oldstable Security Team (jmm)
+--
 trafficserver
   NOTE: 20240802: Added by oldstable Security Team (jmm)
   NOTE: 20240812: A bookworm DSA is planned (Beuc/front-desk)
@@ -150,6 +208,9 @@ twisted
   NOTE: 20240807: Added by oldstable Security Team (jmm)
   NOTE: 20240812: A bookworm DSA is planned (Beuc/front-desk)
 --
+upx-ucl
+  NOTE: 20240812: Added by Front-Desk (Beuc)
+--
 zabbix
   NOTE: 20240126: Added by oldstable Security Team (jmm)
   NOTE: 20240812: sync fixes from bookworm and buster



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c7fcf1859e51b338abf6c13068545b562fabf1f2

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c7fcf1859e51b338abf6c13068545b562fabf1f2
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20240812/c020df02/attachment-0001.htm>

More information about the debian-security-tracker-commits mailing list