[Git][security-tracker-team/security-tracker][master] dla: more packages to sync with bookworm
Sylvain Beucler (@beuc)
gitlab at salsa.debian.org
Mon Aug 12 18:24:34 BST 2024
Sylvain Beucler pushed to branch master at Debian Security Tracker / security-tracker
Commits:
f73f6a81 by Sylvain Beucler at 2024-08-12T19:24:00+02:00
dla: more packages to sync with bookworm
- - - - -
1 changed file:
- data/dla-needed.prospective
Changes:
=====================================
data/dla-needed.prospective
=====================================
@@ -32,42 +32,47 @@ NOTE: IMPORTANT: During 2024-07/08, make sure you do NOT conflict with
NOTE: IMPORTANT: a prepared upload for bullseye's last point release, see:
NOTE: IMPORTANT: https://bugs.debian.org/cgi-bin/pkgreport.cgi?users=release.debian.org@packages.debian.org;tag=pu
---
-anki
- NOTE: 20240812: Added by Front-Desk (Beuc)
---
-asterisk
- NOTE: 20240812: Added by Front-Desk (Beuc)
--
bind9
NOTE: 20240729: Added by oldstable Security Team (carnil)
NOTE: 20240729: Followup improvement for bullseye, though candidate as well for pu (carnil)
- NOTE: 20240812: https://lists.debian.org/debian-security/2024/07/msg00009.html
- NOTE: 20240812: A bookworm DSA is planned (Beuc/front-desk)
+ NOTE: 20240815: https://lists.debian.org/debian-security/2024/07/msg00009.html
+ NOTE: 20240815: A bookworm DSA is planned (Beuc/front-desk)
+--
+bluez
+ NOTE: 20240815: Added by Front-Desk (Beuc)
+ NOTE: 20240815: Follow fixes from DLA-3157-1 (5 CVEs)
+ NOTE: 20240815: Follow fixes from DLA-3820-1 (1 CVE)
+ NOTE: 20240815: Follow fixes from bookworm 12.6 (3 CVEs) (Beuc/front-desk)
--
cacti (Bastien Roucarès)
NOTE: 20240522: Added by oldstable Security Team (jmm)
- NOTE: 20240812: A bookworm DSA is planned (Beuc/front-desk)
+ NOTE: 20240815: A bookworm DSA is planned (Beuc/front-desk)
--
calibre
NOTE: 20240808: Added by oldstable Security Team (carnil)
- NOTE: 20240812: A bookworm DSA is planned (Beuc/front-desk)
+ NOTE: 20240815: A bookworm DSA is planned (Beuc/front-desk)
--
cinder (Thomas Goirand)
NOTE: 20240704: Added by oldstable Security Team (carnil)
- NOTE: 20240812: A bookworm DSA is planned (Beuc/front-desk)
- NOTE: 20240812: zigo prepared bullseye packages, cf. http://osbpo.debian.net/deb-status/ (Beuc/front-desk)
+ NOTE: 20240815: A bookworm DSA is planned (Beuc/front-desk)
+ NOTE: 20240815: zigo prepared bullseye packages, cf. http://osbpo.debian.net/deb-status/ (Beuc/front-desk)
--
dnsmasq (Lee Garrett)
NOTE: 20240313: Added by oldstable Security Team (jmm)
NOTE: 20240802: CVE-2023-28450 is trivial to fix, however CVE-2023-50387 and CVE-2023-50868
NOTE: 20240802: look quite disruptive. Contacting maintainer to consult on the best course of
NOTE: 20240802: action. (lee)
- NOTE: 20240812: A bookworm DSA is planned (Beuc/front-desk)
+ NOTE: 20240815: A bookworm DSA is planned (Beuc/front-desk)
+--
+edk2
+ NOTE: 20240815: Added by Front-Desk (Beuc)
+ NOTE: 20240815: bullseye did not get most of DSA 5624-1 security fixes,
+ NOTE: 20240815: (10 ipv6-related, postponed CVEs), plus there are older postponed vulnerabilities (Beuc/front-desk)
--
ffmpeg
- NOTE: 20240812: Added by Front-Desk (Beuc)
- NOTE: 20240812: Upgrade to 4.3.8 (Beuc/front-desk)
+ NOTE: 20240815: Added by Front-Desk (Beuc)
+ NOTE: 20240815: Upgrade to 4.3.8 (Beuc/front-desk)
--
frr (Tobias Frost)
NOTE: 20231107: Added by oldstable Security Team (jmm)
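Review bot: the anki and asterisk entries at the top of this hunk are deleted outright, while the commit subject ("dla: more packages to sync with bookworm") only speaks of adding packages. State in the commit message why the two were dropped, so the removal can be told apart from an accidental deletion. In the new edk2 entry the first NOTE ends on a comma and only makes sense together with its continuation line; rewording it so each line reads on its own would make the entry easier to scan.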
@@ -76,30 +81,30 @@ frr (Tobias Frost)
--
ghostscript
NOTE: 20240718: Added by oldstable Security Team (carnil)
- NOTE: 20240812: A bookworm DSA is planned
- NOTE: 20240812: Coordinate bullseye update with carnil (Beuc/front-desk)
+ NOTE: 20240815: A bookworm DSA is planned
+ NOTE: 20240815: Coordinate bullseye update with carnil (Beuc/front-desk)
--
git
NOTE: 20240522: Added by oldstable Security Team (jmm)
NOTE: 20240525: Maintainer is queried to prepare an update (carnil)
NOTE: 20240617: Maintainer prepared bookworm update, bullseye not yet done (carnil)
- NOTE: 20240812: A bookworm DSA is planned
- NOTE: 20240812: coordinate bullseye DLA with maintainer (Beuc/front-desk)
+ NOTE: 20240815: A bookworm DSA is planned
+ NOTE: 20240815: coordinate bullseye DLA with maintainer (Beuc/front-desk)
--
glance (Thomas Goirand)
NOTE: 20240704: Added by oldstable Security Team (carnil)
- NOTE: 20240812: A bookworm DSA is planned (Beuc/front-desk)
- NOTE: 20240812: zigo prepared bullseye packages, cf. http://osbpo.debian.net/deb-status/ (Beuc/front-desk)
+ NOTE: 20240815: A bookworm DSA is planned (Beuc/front-desk)
+ NOTE: 20240815: zigo prepared bullseye packages, cf. http://osbpo.debian.net/deb-status/ (Beuc/front-desk)
--
gpac
- NOTE: 20240812: Added by Front-Desk (Beuc)
- NOTE: 20240812: Considered for EOL
- NOTE: 20240812: https://lists.debian.org/debian-lts/2024/08/msg00004.html (Beuc/front-desk)
+ NOTE: 20240815: Added by Front-Desk (Beuc)
+ NOTE: 20240815: Considered for EOL
+ NOTE: 20240815: https://lists.debian.org/debian-lts/2024/08/msg00004.html (Beuc/front-desk)
--
h2o
NOTE: 20231107: Added by oldstable Security Team (jmm)
- NOTE: 20240812: A bookworm DSA is planned
- NOTE: 20240812: coordinate bullseye DLA with secteam (Beuc/front-desk)
+ NOTE: 20240815: A bookworm DSA is planned
+ NOTE: 20240815: coordinate bullseye DLA with secteam (Beuc/front-desk)
--
linux (Ben Hutchings)
NOTE: 20230111: perma-added for LTS package-specific delegation (bwh)
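Review bot: every change in this hunk (ghostscript, git, glance, gpac, h2o) only rewrites the note stamp from 20240812 to 20240815, while the commit itself is dated 2024-08-12, so these notes now carry a date later than the day they were written. If the stamp is meant as a planned date for this .prospective file, say so in the commit message; otherwise keep the original stamps so each entry's history stays accurate.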
@@ -107,79 +112,86 @@ linux (Ben Hutchings)
nbconvert (Guilhem Moulin)
NOTE: 20240508: Added by stable Security Team (jmm)
NOTE: 20240604: Guilhem Moulin proposed an update ready for review (carnil)
- NOTE: 20240812: Follow fixes from DLA-3442-1 (CVE-2021-32862) (Beuc/front-desk)
+ NOTE: 20240815: Follow fixes from DLA-3442-1 (CVE-2021-32862) (Beuc/front-desk)
--
netatalk
NOTE: 20240807: Added by oldstable Security Team (jmm)
- NOTE: 20240812: pu in progress but looking stuck https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1060774
- NOTE: 20240812: coordinate bullseye DLA with uploader (Beuc/front-desk)
+ NOTE: 20240815: pu in progress but looking stuck https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1060774
+ NOTE: 20240815: coordinate bullseye DLA with uploader (Beuc/front-desk)
--
nodejs
NOTE: 20240215: Added by oldstable Security Team (jmm)
NOTE: 20240521: claim nodejs in dsa-needed.txt (aron)
- NOTE: 20240812: A bookworm DSA is planned
- NOTE: 20240812: coordinate bullseye DLA with aron (Beuc/front-desk)
+ NOTE: 20240815: A bookworm DSA is planned
+ NOTE: 20240815: coordinate bullseye DLA with aron (Beuc/front-desk)
--
nova (Thomas Goirand)
NOTE: 20240704: Added by oldstable Security Team (carnil)
- NOTE: 20240812: A bookworm DSA is planned (Beuc/front-desk)
- NOTE: 20240812: zigo prepared bullseye packages, cf. http://osbpo.debian.net/deb-status/ (Beuc/front-desk)
+ NOTE: 20240815: A bookworm DSA is planned (Beuc/front-desk)
+ NOTE: 20240815: zigo prepared bullseye packages, cf. http://osbpo.debian.net/deb-status/ (Beuc/front-desk)
--
php-horde-mime-viewer (Mike Gabriel)
NOTE: 20220622: Added by stable Security Team (jmm)
- NOTE: 20240812: considered for EOL, sunweaver to work on an update
- NOTE: 20240812: https://lists.debian.org/debian-lts/2024/08/msg00023.html (Beuc/front-desk)
+ NOTE: 20240815: considered for EOL, sunweaver to work on an update
+ NOTE: 20240815: https://lists.debian.org/debian-lts/2024/08/msg00023.html (Beuc/front-desk)
--
php-horde-turba (Mike Gabriel)
NOTE: 20220607: Added by stable Security Team (jmm)
- NOTE: 20240812: considered for EOL, sunweaver to work on an update
- NOTE: 20240812: https://lists.debian.org/debian-lts/2024/08/msg00023.html (Beuc/front-desk)
+ NOTE: 20240815: considered for EOL, sunweaver to work on an update
+ NOTE: 20240815: https://lists.debian.org/debian-lts/2024/08/msg00023.html (Beuc/front-desk)
--
python-aiohttp
NOTE: 20240523: Added by oldstable Security Team (jmm)
- NOTE: 20240812: A bookworm DSA is planned (Beuc/front-desk)
+ NOTE: 20240815: A bookworm DSA is planned (Beuc/front-desk)
--
python-asyncssh
NOTE: 20240105: Added by oldstable Security Team (jmm)
- NOTE: 20240812: A bookworm DSA is planned (Beuc/front-desk)
+ NOTE: 20240815: A bookworm DSA is planned (Beuc/front-desk)
--
python-html-sanitizer
- NOTE: 20240812: Added by Front-Desk (Beuc)
+ NOTE: 20240815: Added by Front-Desk (Beuc)
--
python-reportlab
NOTE: 20240807: Added by oldstable Security Team (jmm)
- NOTE: 20240812: A bookworm DSA is planned (Beuc/front-desk)
+ NOTE: 20240815: A bookworm DSA is planned (Beuc/front-desk)
+--
+qemu
+ NOTE: 20240815: Added by Front-Desk (Beuc)
+ NOTE: 20240815: Follow fixes from bookworm 12.4 (CVE-2023-5088)
+ NOTE: 20240815: Follow fixes from bookworm 12.5 (CVE-2023-3019, CVE-2023-6693)
+ NOTE: 20240815: Follow fixes from bookworm 12.6 (CVE-2024-3446,CVE-2024-3447)
+ NOTE: 20240815: CVE-2024-4467 fix also proposed for 12.7 (https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1076504)
--
ring
NOTE: 20230301: Added by oldstable Security Team (jmm)
NOTE: 20230301: might make sense to rebase to current version (jmm)
- NOTE: 20240812: A bookworm DSA is planned (Beuc/front-desk)
+ NOTE: 20240815: A bookworm DSA is planned (Beuc/front-desk)
--
roundcube
NOTE: 20240805: Added by oldstable Security Team (jmm)
- NOTE: 20240808: Follow DSA-5743-1 (CVE-2024-42008,9,10) (Beuc/front-desk)
+ NOTE: 20240815: Follow DSA-5743-1 (CVE-2024-42008,9,10) (Beuc/front-desk)
--
ruby-httparty
- NOTE: 20240812: Added by Front-Desk (Beuc)
- NOTE: 20240812: Follow fixes from DLA-3716-1 (CVE-2024-22049) (Beuc/front-desk)
+ NOTE: 20240815: Added by Front-Desk (Beuc)
+ NOTE: 20240815: Follow fixes from DLA-3716-1 (CVE-2024-22049) (Beuc/front-desk)
--
ruby-nokogiri
NOTE: 20221005: Added by stable Security Team (jmm)
- NOTE: 20240812: Follow fixes from DLA-3149-1 (CVE-2022-24836) (Beuc/front-desk)
+ NOTE: 20240815: Follow fixes from DLA-3149-1 (CVE-2022-24836) (Beuc/front-desk)
--
ruby-rails-html-sanitizer
NOTE: 20230901: Added by oldstable Security Team (jmm)
- NOTE: 20240812: Follow fixes from DLA-3566-1 and DLA-3227-1 (5 CVEs) (Beuc/front-desk)
+ NOTE: 20240815: Follow fixes from DLA-3566-1 and DLA-3227-1 (5 CVEs) (Beuc/front-desk)
--
ruby-sinatra
NOTE: 20230321: Added by stable Security Team (carnil)
NOTE: 20230321: Maintainer posted packaging repository link with proposed changes for review (carnil)
- NOTE: 20240812: Follow fixes from DLA-3264-1 (CVE-2022-45442)
- NOTE: 20240812: Coordinate with maintainer to review and publish https://salsa.debian.org/ruby-team/ruby-sinatra/-/blob/bullseye/debian/changelog (Beuc/front-desk)
+ NOTE: 20240815: Follow fixes from DLA-3264-1 (CVE-2022-45442)
+ NOTE: 20240815: Coordinate with maintainer to review and publish https://salsa.debian.org/ruby-team/ruby-sinatra/-/blob/bullseye/debian/changelog (Beuc/front-desk)
--
ruby-tzinfo
NOTE: 20240723: Added by stable Security Team (jmm)
- NOTE: 20240812: Follow fixes from DLA-3077-1 (CVE-2022-31163) (Beuc/front-desk)
+ NOTE: 20240815: Follow fixes from DLA-3077-1 (CVE-2022-31163) (Beuc/front-desk)
--
ruby2.7 (Sylvain Beucler)
NOTE: 20230508: Added by stable Security Team (jmm)
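Review bot: in the new qemu entry, the four lines after "Added by Front-Desk (Beuc)" end without the "(Beuc/front-desk)" attribution that the other front-desk notes in this file carry, and the 12.6 line writes "CVE-2024-3446,CVE-2024-3447" without the space used in the 12.5 line. Also, the roundcube note is moved from 20240808 to 20240815, not from 20240812 like the other re-stamped notes; please confirm that older date was meant to change.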
@@ -188,31 +200,35 @@ ruby2.7 (Sylvain Beucler)
--
setuptools
NOTE: 20240730: Added by oldstable Security Team (jmm)
- NOTE: 20240812: A bookworm DSA is planned (Beuc/front-desk)
+ NOTE: 20240815: A bookworm DSA is planned (Beuc/front-desk)
--
squid
NOTE: 20240308: Added by oldstable Security Team (apo)
NOTE: 20240308: Readd squid to dsa-needed.txt
NOTE: 20240308: There are still unfixed problems in both supported versions. Especially
NOTE: 20240308: the fix for CVE-2023-5824 is kind of intrusive. (apo)
- NOTE: 20240812: A bookworm DSA is planned (Beuc/front-desk)
+ NOTE: 20240815: A bookworm DSA is planned (Beuc/front-desk)
--
tinyproxy
- NOTE: 20240812: Added by oldstable Security Team (jmm)
+ NOTE: 20240815: Added by oldstable Security Team (jmm)
--
trafficserver
NOTE: 20240802: Added by oldstable Security Team (jmm)
- NOTE: 20240812: A bookworm DSA is planned (Beuc/front-desk)
+ NOTE: 20240815: A bookworm DSA is planned (Beuc/front-desk)
--
twisted
NOTE: 20240807: Added by oldstable Security Team (jmm)
- NOTE: 20240812: A bookworm DSA is planned (Beuc/front-desk)
+ NOTE: 20240815: A bookworm DSA is planned (Beuc/front-desk)
--
upx-ucl
- NOTE: 20240812: Added by Front-Desk (Beuc)
+ NOTE: 20240815: Added by Front-Desk (Beuc)
+--
+wireshark
+ NOTE: 20240815: Added by Front-Desk (Beuc)
+ NOTE: 20240815: bullseye currently lags behind lacking fixes present in both buster and bullseye (Beuc/front-desk)
--
zabbix
NOTE: 20240126: Added by oldstable Security Team (jmm)
- NOTE: 20240812: sync fixes from bookworm and buster
- NOTE: 20240812: A bookworm DSA is planned for 8 new CVEs (Beuc/front-desk)
+ NOTE: 20240815: sync fixes from bookworm and buster
+ NOTE: 20240815: A bookworm DSA is planned for 8 new CVEs (Beuc/front-desk)
--
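Review bot: the new wireshark note says bullseye lacks "fixes present in both buster and bullseye", which names bullseye both as the release that lags and as one that already has the fixes. One of the two release names looks wrong (presumably bookworm was meant, given the commit subject) and should be corrected. Separately, the tinyproxy line attributed to jmm is re-stamped from 20240812 to 20240815, which changes the date on a note written by someone else.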
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f73f6a815c61968793316f050cab11f78b7a83f7