[Git][security-tracker-team/security-tracker][master] dla: packages to sync with bookworm pu

[Sylvain Beucler (@beuc)]

Sylvain Beucler pushed to branch master at Debian Security Tracker / security-tracker


Commits:
378d7743 by Sylvain Beucler at 2024-08-12T21:16:00+02:00
dla: packages to sync with bookworm pu

- - - - -


1 changed file:

- data/dla-needed.prospective


Changes:

=====================================
data/dla-needed.prospective
=====================================
@@ -51,13 +51,19 @@ cacti (Bastien Roucarès)
 --
 calibre
   NOTE: 20240808: Added by oldstable Security Team (carnil)
-  NOTE: 20240815: A bookworm DSA is planned (Beuc/front-desk)
+  NOTE: 20240815: A bookworm DSA is planned
+  NOTE: 20240815: Also follow fixes from bookworm 12.5 (CVE-2023-46303) (Beuc/front-desk)
 --
 cinder (Thomas Goirand)
   NOTE: 20240704: Added by oldstable Security Team (carnil)
   NOTE: 20240815: A bookworm DSA is planned (Beuc/front-desk)
   NOTE: 20240815: zigo prepared bullseye packages, cf. http://osbpo.debian.net/deb-status/ (Beuc/front-desk)
 --
+cjson
+  NOTE: 20240815: Added by Front-Desk (Beuc)
+  NOTE: 20240815: pu scheduled https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1074090
+  NOTE: 20240815: drop this entry after bullseye 11.11 is out on 2024-08-31 (Beuc/front-desk)
+--
 dnsmasq (Lee Garrett)
   NOTE: 20240313: Added by oldstable Security Team (jmm)
   NOTE: 20240802: CVE-2023-28450 is trivial to fix, however CVE-2023-50387 and CVE-2023-50868
@@ -70,6 +76,11 @@ edk2
   NOTE: 20240815: bullseye did not get most of DSA 5624-1 security fixes,
   NOTE: 20240815: (10 ipv6-related, postponed CVEs), plus there are older postponed vulnerabilities (Beuc/front-desk)
 --
+exim4
+  NOTE: 20240815: Added by Front-Desk (Beuc)
+  NOTE: 20240815: Follow fixes from bookworm 12.3 (2 CVEs)
+  NOTE: 20240815: Consider fixing older postponed CVEs as well (Beuc/front-desk)
+--
 ffmpeg
   NOTE: 20240815: Added by Front-Desk (Beuc)
   NOTE: 20240815: Upgrade to 4.3.8 (Beuc/front-desk)
@@ -106,6 +117,11 @@ h2o
   NOTE: 20240815: A bookworm DSA is planned
   NOTE: 20240815: coordinate bullseye DLA with secteam (Beuc/front-desk)
 --
+indent
+  NOTE: 20240815: Added by Front-Desk (Beuc)
+  NOTE: 20240815: pu scheduled https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1074142
+  NOTE: 20240815: drop this entry after bullseye 11.11 is out on 2024-08-31 (Beuc/front-desk)
+--
 linux (Ben Hutchings)
   NOTE: 20230111: perma-added for LTS package-specific delegation (bwh)
 --
@@ -130,6 +146,10 @@ nova (Thomas Goirand)
   NOTE: 20240815: A bookworm DSA is planned (Beuc/front-desk)
   NOTE: 20240815: zigo prepared bullseye packages, cf. http://osbpo.debian.net/deb-status/ (Beuc/front-desk)
 --
+nsis
+  NOTE: 20240815: Added by Front-Desk (Beuc)
+  NOTE: 20240815: Follow fixes from bookworm 12.6 (CVE-2023-37378) (Beuc/front-desk)
+--
 php-horde-mime-viewer (Mike Gabriel)
   NOTE: 20220622: Added by stable Security Team (jmm)
   NOTE: 20240815: considered for EOL, sunweaver to work on an update
@@ -209,6 +229,10 @@ squid
   NOTE: 20240308: the fix for CVE-2023-5824 is kind of intrusive. (apo)
   NOTE: 20240815: A bookworm DSA is planned (Beuc/front-desk)
 --
+systemd
+  NOTE: 20240815: Added by Front-Desk (Beuc)
+  NOTE: 20240815: Follow fixes from bookworm 12.5 and 12.6 (3 CVEs) (Beuc/front-desk)
+--
 tinyproxy
   NOTE: 20240815: Added by oldstable Security Team (jmm)
 --
@@ -225,7 +249,7 @@ upx-ucl
 --
 wireshark
   NOTE: 20240815: Added by Front-Desk (Beuc)
-  NOTE: 20240815: bullseye currently lags behind lacking fixes present in both buster and bullseye (Beuc/front-desk)
+  NOTE: 20240815: bullseye currently lags behind lacking fixes present in both buster and bookworm (Beuc/front-desk)
 --
 zabbix
   NOTE: 20240126: Added by oldstable Security Team (jmm)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/378d7743a249f4414e01c1e8525b716cd1d6e0a9

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/378d7743a249f4414e01c1e8525b716cd1d6e0a9
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20240812/efefee67/attachment-0001.htm>