[Git][security-tracker-team/security-tracker][master] 8 commits: add-dsa-needed: Only list packages for stable for dsa-needed list

Salvatore Bonaccorso (@carnil) carnil at debian.org
Thu Aug 15 04:45:30 BST 2024 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
66a3a99e by Salvatore Bonaccorso at 2024-08-12T17:18:20+02:00
add-dsa-needed: Only list packages for stable for dsa-needed list

Signed-off-by: Salvatore Bonaccorso <carnil at debian.org>

- - - - -
b0fda71e by Salvatore Bonaccorso at 2024-08-12T17:18:20+02:00
DLA template: Switch to mention bullseye as the LTS release

Signed-off-by: Salvatore Bonaccorso <carnil at debian.org>

- - - - -
35ef41a6 by Salvatore Bonaccorso at 2024-08-12T17:18:20+02:00
DSA template: Do not mention the oldstable distribution

Support by Debian security team for bullseye/oldstable is moving to the
LTS team and no further updates are issued for bullseye/oldstable via a
DSA.

Signed-off-by: Salvatore Bonaccorso <carnil at debian.org>

- - - - -
05d58b79 by Salvatore Bonaccorso at 2024-08-12T17:18:20+02:00
security-team overview: Do not mention bullseye-security anymore

Signed-off-by: Salvatore Bonaccorso <carnil at debian.org>

- - - - -
5328666c by Salvatore Bonaccorso at 2024-08-12T17:18:20+02:00
config.json: Reduce list of supported architectures for bullseye under LTS support

Signed-off-by: Salvatore Bonaccorso <carnil at debian.org>

- - - - -
7fef369f by Salvatore Bonaccorso at 2024-08-12T17:18:20+02:00
distributions.json: Move support of bullseye to LTS team

distributions.json is used by reportbug to decide where to redirect
potential regression reports. Move support for bullseye to the LTS team.

Signed-off-by: Salvatore Bonaccorso <carnil at debian.org>

- - - - -
71d0d982 by Salvatore Bonaccorso at 2024-08-12T17:18:20+02:00
LTS templates: Replace use of Buster with Bullseye

Signed-off-by: Salvatore Bonaccorso <carnil at debian.org>

- - - - -
4db00a24 by Salvatore Bonaccorso at 2024-08-15T03:45:14+00:00
Merge branch 'end-of-life-security-support-bullseye' into 'master'

End of life security support bullseye

See merge request security-tracker-team/security-tracker!173
- - - - -


9 changed files:

- bin/add-dsa-needed.sh
- data/config.json
- doc/DLA.template
- doc/DSA.template
- doc/security-team.d.o/index
- static/distributions.json
- templates/lts-no-dsa.txt
- templates/lts-update-planned-minor.txt
- templates/lts-update-planned.txt


Changes:

=====================================
bin/add-dsa-needed.sh
=====================================
@@ -20,7 +20,7 @@
 
 set -eu
 
-include_oldstable=true
+include_oldstable=false
 turl="https://security-tracker.debian.org/tracker/status/release"
 
 [ -f data/dsa-needed.txt ] || {


=====================================
data/config.json
=====================================
@@ -92,7 +92,7 @@
           "bullseye-proposed-updates"
         ]
       },
-      "architectures": [ "amd64", "arm64", "armel", "armhf", "i386", "mips64el", "mipsel", "ppc64el", "s390x" ],
+      "architectures": [ "amd64", "arm64", "armhf", "i386" ],
       "release": "oldstable"
     },
     "bookworm": {


=====================================
doc/DLA.template
=====================================
@@ -9,14 +9,14 @@ $SPACEDDATE                        https://wiki.debian.org/LTS
 -------------------------------------------------------------------------
 
 Package        : $PACKAGE
-Version        : $buster_VERSION
+Version        : $bullseye_VERSION
 CVE ID         : $CVE
 Debian Bug     : $BUGNUM
 
 $TEXT
 
-For Debian 10 buster, this problem has been fixed in version
-$buster_VERSION.
+For Debian 11 bullseye, this problem has been fixed in version
+$bullseye_VERSION.
 
 We recommend that you upgrade your $PACKAGE packages.
 


=====================================
doc/DSA.template
=====================================
@@ -14,9 +14,6 @@ Debian Bug     : $BUGNUM
 
 $TEXT
 
-For the oldstable distribution ($OLDSTABLE), this problem has been fixed
-in version $$OLDSTABLE_VERSION.
-
 For the stable distribution ($STABLE), this problem has been fixed in
 version $$STABLE_VERSION.
 


=====================================
doc/security-team.d.o/index
=====================================
@@ -1,11 +1,9 @@
 <table style="margin: 0 auto 0 auto;width: 100%;text-align:center;">
 	<tbody>
-            <tr><th>bullseye 11</th><th>bookworm 12</th><th>trixie 13</th><th>sid</th></tr>
-            <tr><th>bullseye-security</th><th>bookworm-security</th><th>testing</th><th>unstable</th></tr>
+            <tr><th>bookworm 12</th><th>trixie 13</th><th>sid</th></tr>
+            <tr><th>bookworm-security</th><th>testing</th><th>unstable</th></tr>
 	<tr>
 	<td valign="top">
-		<a href="https://security-tracker.debian.org/tracker/status/release/oldstable">Vulnerable Packages</a><br\>
-	</td><td valign="top">
 		<a href="https://security-tracker.debian.org/tracker/status/release/stable">Vulnerable Packages</a><br\>
 	</td><td valign="top">
 		<a href="https://security-tracker.debian.org/tracker/status/release/testing">Vulnerable Packages</a><br\>
@@ -13,8 +11,6 @@
 		<a href="https://security-tracker.debian.org/tracker/status/release/unstable">Vulnerable Packages</a><br\>
 	</td></tr>
 	<tr><td valign="top">
-                <a href="https://salsa.debian.org/security-tracker-team/security-tracker/raw/master/data/next-oldstable-point-update.txt">Next (oldstable) point update</a><br\>
-	</td><td valign="top">
                 <a href="https://salsa.debian.org/security-tracker-team/security-tracker/raw/master/data/next-point-update.txt">Next point update</a><br\>
 	</td><td valign="top">
 		Next point update<br\>


=====================================
static/distributions.json
=====================================
@@ -21,8 +21,8 @@
   },
   "bullseye": {
     "major-version": "11",
-    "support": "security",
-    "contact": "team at security.debian.org"
+    "support": "lts",
+    "contact": "debian-lts at lists.debian.org"
   },
   "bookworm": {
     "major-version": "12",


=====================================
templates/lts-no-dsa.txt
=====================================
@@ -1,12 +1,12 @@
 Content-Type: text/plain; charset=utf-8
 To: {{ to }}
 Cc: {{ cc }}
-Subject: About the security issues affecting {{ package }} in Buster
+Subject: About the security issues affecting {{ package }} in Bullseye
 
 Dear maintainer(s),
 
 The Debian LTS team recently reviewed the security issue(s) affecting your
-package in Buster:
+package in Bullseye:
 {%- if cve -%}
 {% for entry in cve %}
 https://security-tracker.debian.org/tracker/{{ entry }}
@@ -15,10 +15,10 @@ https://security-tracker.debian.org/tracker/{{ entry }}
 https://security-tracker.debian.org/tracker/source-package/{{ package }}
 {%- endif %}
 
-We decided that we would not prepare a buster security update (usually
+We decided that we would not prepare a bullseye security update (usually
 because the security impact is low and that we concentrate our limited
 resources on higher severity issues and on the most widely used packages).
-That said the buster users would most certainly benefit from a fixed
+That said the bullseye users would most certainly benefit from a fixed
 package.
 
 If you want to work on such an update, you're welcome to do so. Please


=====================================
templates/lts-update-planned-minor.txt
=====================================
@@ -1,10 +1,10 @@
 Content-Type: text/plain; charset=utf-8
 To: {{ to }}
 Cc: {{ cc }}
-Subject: Buster update of {{ package }} (minor security issues)?
+Subject: Bullseye update of {{ package }} (minor security issues)?
 
 The Debian LTS team recently reviewed the security issue(s) affecting your
-package in Buster:
+package in Bullseye:
 {%- if cve -%}
 {% for entry in cve %}
 https://security-tracker.debian.org/tracker/{{ entry }}
@@ -17,7 +17,7 @@ We decided that a member of the LTS team should take a look at this
 package, although the security impact of still open issues is low. When
 resources are available on our side, one of the LTS team members will
 start working on fixes for those minor security issues, as we think that
-the buster users would most certainly benefit from a fixed package.
+the bullseye users would most certainly benefit from a fixed package.
 
 If you'd rather want to work on such an update yourself, you're welcome
 to do so. Please send us a short notification to the debian-lts mailing


=====================================
templates/lts-update-planned.txt
=====================================
@@ -1,12 +1,12 @@
 Content-Type: text/plain; charset=utf-8
 To: {{ to }}
 Cc: {{ cc }}
-Subject: Buster update of {{ package }}?
+Subject: Bullseye update of {{ package }}?
 
 Dear maintainer(s),
 
 The Debian LTS team would like to fix the security issues which are
-currently open in the Buster version of {{ package }}:
+currently open in the Bullseye version of {{ package }}:
 {%- if cve -%}
 {% for entry in cve %}
 https://security-tracker.debian.org/tracker/{{ entry }}



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/0269dbf3807b488df46571da8c2735a8bade10a5...4db00a2483188e08ddd78d10bd52580f919d987a

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/0269dbf3807b488df46571da8c2735a8bade10a5...4db00a2483188e08ddd78d10bd52580f919d987a
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20240815/19da8c31/attachment-0001.htm>

More information about the debian-security-tracker-commits mailing list