[Git][security-tracker-team/security-tracker][master] 2 commits: dla: sync dsa-needed.txt

Sylvain Beucler (@beuc) gitlab at salsa.debian.org
Thu Aug 15 07:25:32 BST 2024



Sylvain Beucler pushed to branch master at Debian Security Tracker / security-tracker


Commits:
ce66fcf3 by Sylvain Beucler at 2024-08-15T08:19:42+02:00
dla: sync dsa-needed.txt

- - - - -
479ea9bc by Sylvain Beucler at 2024-08-15T08:22:44+02:00
dla: open bullseye-lts tasks

- - - - -


2 changed files:

- − data/dla-needed.prospective
- data/dla-needed.txt


Changes:

=====================================
data/dla-needed.prospective deleted
=====================================
@@ -1,320 +0,0 @@
-* 
-* Prospective dla-needed.txt, to prepare for bullseye-lts handover on 2024-08-15
-* 
-
-An LTS security update is needed for the following source packages.
-
-To add a new entry, please coordinate with this week's Front-Desk
-person, and use the 'package-operations' LTS tool.
-
-The specific CVE IDs do not need to be listed, they can be gathered in an up-to-date manner from
-https://security-tracker.debian.org/tracker/source-package/SOURCEPACKAGE
-when working on an update.
-
-A note to Freexian contributors/collaborators: when selecting what
-package to work on first, please use:
-  ./find-work
-  https://freexian.gitlab.io/services/deblts-team/documentation/lts/information-for-lts-contributors.html
-  (private for now)
-to sort packages by priority and display important notes about the
-package (special attention, VCS, testing procedures, programming
-language, maintainers to coordinate with, etc.).
-
-To work on a package, simply add your name behind it. To learn more about how
-this list is updated have a look at
-https://lts-team.pages.debian.net/wiki/Development.html#triage-new-security-issues
-
-To make it easier to see the entire history of an update, please append notes
-rather than remove/replace existing ones.
-
-NOTE: IMPORTANT: Last point update planned 2024-08-31 (2 weeks after bullseye-lts start)
-NOTE: IMPORTANT: During 2024-07/08, make sure you do NOT conflict with
-NOTE: IMPORTANT: a prepared upload for bullseye's last point release, see:
-NOTE: IMPORTANT: https://bugs.debian.org/cgi-bin/pkgreport.cgi?users=release.debian.org@packages.debian.org;tag=pu
-
---
-amanda
-  NOTE: 20240815: Added by Front-Desk (Beuc)
-  NOTE: 20240815: Follow fixes from buster DLA-3681-1 (3 CVEs) and bookworm 12.4 (CVE-2023-30577) (Beuc/front-desk)
---
-asterisk
-  NOTE: 20240815: Added by Front-Desk (Beuc)
-  NOTE: 20240815: CVE-2024-42365 is privilege escalation. (Beuc/front-desk)
---
-bind9
-  NOTE: 20240729: Added by oldstable Security Team (carnil)
-  NOTE: 20240729: Followup improvement for bullseye, though candidate as well for pu (carnil)
-  NOTE: 20240815: https://lists.debian.org/debian-security/2024/07/msg00009.html
-  NOTE: 20240815: A bookworm DSA is planned (Beuc/front-desk)
---
-bluez
-  NOTE: 20240815: Added by Front-Desk (Beuc)
-  NOTE: 20240815: Follow fixes from DLA-3157-1 (5 CVEs)
-  NOTE: 20240815: Follow fixes from DLA-3820-1 (1 CVE)
-  NOTE: 20240815: Follow fixes from bookworm 12.6 (3 CVEs) (Beuc/front-desk)
---
-cacti (Bastien Roucarès)
-  NOTE: 20240522: Added by oldstable Security Team (jmm)
-  NOTE: 20240815: A bookworm DSA is planned (Beuc/front-desk)
---
-calibre
-  NOTE: 20240808: Added by oldstable Security Team (carnil)
-  NOTE: 20240815: A bookworm DSA is planned
-  NOTE: 20240815: Also follow fixes from bookworm 12.5 (CVE-2023-46303) (Beuc/front-desk)
---
-cinder (Thomas Goirand)
-  NOTE: 20240704: Added by oldstable Security Team (carnil)
-  NOTE: 20240815: A bookworm DSA is planned (Beuc/front-desk)
-  NOTE: 20240815: zigo prepared bullseye packages, cf. http://osbpo.debian.net/deb-status/ (Beuc/front-desk)
---
-cjson
-  NOTE: 20240815: Added by Front-Desk (Beuc)
-  NOTE: 20240815: pu scheduled https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1074090
-  NOTE: 20240815: drop this entry after bullseye 11.11 is out on 2024-08-31 (Beuc/front-desk)
---
-dnsmasq (Lee Garrett)
-  NOTE: 20240313: Added by oldstable Security Team (jmm)
-  NOTE: 20240802: CVE-2023-28450 is trivial to fix, however CVE-2023-50387 and CVE-2023-50868
-  NOTE: 20240802: look quite disruptive. Contacting maintainer to consult on the best course of
-  NOTE: 20240802: action. (lee)
-  NOTE: 20240815: A bookworm DSA is planned (Beuc/front-desk)
---
-edk2
-  NOTE: 20240815: Added by Front-Desk (Beuc)
-  NOTE: 20240815: bullseye did not get most of DSA 5624-1 security fixes,
-  NOTE: 20240815: (10 ipv6-related, postponed CVEs), plus there are older postponed vulnerabilities (Beuc/front-desk)
---
-exim4
-  NOTE: 20240815: Added by Front-Desk (Beuc)
-  NOTE: 20240815: Follow fixes from bookworm 12.3 (2 CVEs)
-  NOTE: 20240815: Consider fixing older postponed CVEs as well (Beuc/front-desk)
---
-ffmpeg
-  NOTE: 20240815: Added by Front-Desk (Beuc)
-  NOTE: 20240815: Upgrade to 4.3.8 (same approach as DSA-5748-1) (Beuc/front-desk)
---
-frr (Tobias Frost)
-  NOTE: 20231107: Added by oldstable Security Team (jmm)
-  NOTE: 20240404: Tobias Frost (tobi) proposed to work on preparing an update (carnil)
-  NOTE: 20240525: discussion with Debian maintainer for status on bullseye + updates (carnil)
---
-ghostscript
-  NOTE: 20240718: Added by oldstable Security Team (carnil)
-  NOTE: 20240815: A bookworm DSA is planned
-  NOTE: 20240815: Coordinate bullseye update with carnil (Beuc/front-desk)
---
-git
-  NOTE: 20240522: Added by oldstable Security Team (jmm)
-  NOTE: 20240525: Maintainer is queried to prepare an update (carnil)
-  NOTE: 20240617: Maintainer prepared bookworm update, bullseye not yet done (carnil)
-  NOTE: 20240815: A bookworm DSA is planned
-  NOTE: 20240815: coordinate bullseye DLA with maintainer (Beuc/front-desk)
---
-glance (Thomas Goirand)
-  NOTE: 20240704: Added by oldstable Security Team (carnil)
-  NOTE: 20240815: A bookworm DSA is planned (Beuc/front-desk)
-  NOTE: 20240815: zigo prepared bullseye packages, cf. http://osbpo.debian.net/deb-status/ (Beuc/front-desk)
---
-glewlwyd
-  NOTE: 20240815: Added by Front-Desk (Beuc)
-  NOTE: 20240815: A couple minor issues could be sync'd from bookworm, and a few postponed, but this can wait.
-  NOTE: 20240815: pu scheduled https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1007884
-  NOTE: 20240815: drop this entry after bullseye 11.11 is out on 2024-08-31 (Beuc/front-desk)
---
-glibc
-  NOTE: 20240815: Added by Front-Desk (Beuc)
-  NOTE: 20240815: A couple minor issues could be sync'd from bookworm but this can wait.
-  NOTE: 20240815: pu scheduled https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1076832
-  NOTE: 20240815: pu syncs with 2.31 upstream branch
-  NOTE: 20240815: drop this entry after bullseye 11.11 is out on 2024-08-31 (Beuc/front-desk)
---
-gnutls28
-  NOTE: 20240815: Added by Front-Desk (Beuc)
-  NOTE: 20240815: Follow fixes from bookworm 12.6 (2 CVEs + other security fixes without CVE) (Beuc/front-desk)
---
-gpac
-  NOTE: 20240815: Added by Front-Desk (Beuc)
-  NOTE: 20240815: Considered for EOL
-  NOTE: 20240815: https://lists.debian.org/debian-lts/2024/08/msg00004.html (Beuc/front-desk)
---
-h2o
-  NOTE: 20231107: Added by oldstable Security Team (jmm)
-  NOTE: 20240815: A bookworm DSA is planned
-  NOTE: 20240815: coordinate bullseye DLA with secteam (Beuc/front-desk)
---
-indent
-  NOTE: 20240815: Added by Front-Desk (Beuc)
-  NOTE: 20240815: pu scheduled https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1074142
-  NOTE: 20240815: drop this entry after bullseye 11.11 is out on 2024-08-31 (Beuc/front-desk)
---
-libtommath
-  NOTE: 20240815: Added by Front-Desk (Beuc)
-  NOTE: 20240815: Follow fixes from bookworm 12.6 (CVE-2023-36328) (Beuc/front-desk)
---
-libxml2
-  NOTE: 20240815: Added by Front-Desk (Beuc)
-  NOTE: 20240815: Follow fixes from bookworm 12.1 (CVE-2022-2309) (low-priority)
-  NOTE: 20240815: Consider fixing CVE-2016-3709 (Beuc/front-desk)
---
-linux (Ben Hutchings)
-  NOTE: 20230111: Perma-added, Linux package specifically delegated to bwh (LTS Team)
---
-nbconvert (Guilhem Moulin)
-  NOTE: 20240508: Added by stable Security Team (jmm)
-  NOTE: 20240604: Guilhem Moulin proposed an update ready for review (carnil)
-  NOTE: 20240815: Follow fixes from DLA-3442-1 (CVE-2021-32862) (Beuc/front-desk)
---
-netatalk
-  NOTE: 20240807: Added by oldstable Security Team (jmm)
-  NOTE: 20240815: pu in progress but looking stuck https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1060774
-  NOTE: 20240815: coordinate bullseye DLA with uploader (Beuc/front-desk)
---
-nodejs
-  NOTE: 20240215: Added by oldstable Security Team (jmm)
-  NOTE: 20240521: claim nodejs in dsa-needed.txt (aron)
-  NOTE: 20240815: A bookworm DSA is planned
-  NOTE: 20240815: coordinate bullseye DLA with aron (Beuc/front-desk)
---
-nova (Thomas Goirand)
-  NOTE: 20240704: Added by oldstable Security Team (carnil)
-  NOTE: 20240815: A bookworm DSA is planned (Beuc/front-desk)
-  NOTE: 20240815: zigo prepared bullseye packages, cf. http://osbpo.debian.net/deb-status/ (Beuc/front-desk)
---
-nsis
-  NOTE: 20240815: Added by Front-Desk (Beuc)
-  NOTE: 20240815: Follow fixes from bookworm 12.6 (CVE-2023-37378) (Beuc/front-desk)
---
-opensc
-  NOTE: 20240815: Added by Front-Desk (Beuc)
-  NOTE: 20240815: Follow fixes from buster DLA-3463-1 (5 CVEs) and bookworm 12.4 (2 CVEs) (Beuc/front-desk)
---
-openssl
-  NOTE: 20240815: Added by Front-Desk (Beuc)
-  NOTE: 20240815: Follow fixes from bookworm 12.6 (CVE-2023-5678, CVE-2024-0727) (Beuc/front-desk)
---
-php-horde-mime-viewer (Mike Gabriel)
-  NOTE: 20220622: Added by stable Security Team (jmm)
-  NOTE: 20240815: considered for EOL, sunweaver to work on an update
-  NOTE: 20240815: https://lists.debian.org/debian-lts/2024/08/msg00023.html (Beuc/front-desk)
---
-php-horde-turba (Mike Gabriel)
-  NOTE: 20220607: Added by stable Security Team (jmm)
-  NOTE: 20240815: considered for EOL, sunweaver to work on an update
-  NOTE: 20240815: https://lists.debian.org/debian-lts/2024/08/msg00023.html (Beuc/front-desk)
---
-proftpd-dfsg
-  NOTE: 20240815: Added by Front-Desk (Beuc)
-  NOTE: 20240815: Follow fixes from bookworm 12.5 (2 CVEs) (Beuc/front-desk)
---
-pymongo (Bastien Roucarès)
-  NOTE: 20240815: Added by Front-Desk (Beuc)
-  NOTE: 20240815: pu scheduled https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1073529 (CVE-2024-5629)
-  NOTE: 20240815: drop this entry after bullseye 11.11 is out on 2024-08-31 (Beuc/front-desk)
---
-python-aiohttp
-  NOTE: 20240523: Added by oldstable Security Team (jmm)
-  NOTE: 20240815: A bookworm DSA is planned (Beuc/front-desk)
---
-python-asyncssh
-  NOTE: 20240105: Added by oldstable Security Team (jmm)
-  NOTE: 20240815: A bookworm DSA is planned (Beuc/front-desk)
---
-python-git
-  NOTE: 20240815: Added by Front-Desk (Beuc)
-  NOTE: 20240815: Follow fixes from buster DLA-3589-1, buster DLA-3502-1 and bookworm 12.2 (3 CVEs) (Beuc/front-desk)
---
-python-html-sanitizer
-  NOTE: 20240815: Added by Front-Desk (Beuc)
---
-python-reportlab
-  NOTE: 20240807: Added by oldstable Security Team (jmm)
-  NOTE: 20240815: A bookworm DSA is planned (Beuc/front-desk)
---
-qemu
-  NOTE: 20240815: Added by Front-Desk (Beuc)
-  NOTE: 20240815: Follow fixes from bookworm 12.4 (CVE-2023-5088)
-  NOTE: 20240815: Follow fixes from bookworm 12.5 (CVE-2023-3019, CVE-2023-6693)
-  NOTE: 20240815: Follow fixes from bookworm 12.6 (CVE-2024-3446,CVE-2024-3447)
-  NOTE: 20240815: CVE-2024-4467 fix also proposed for 12.7 (https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1076504)
---
-redis
-  NOTE: 20240815: Added by Front-Desk (Beuc)
-  NOTE: 20240815: Follow fixes from buster DLA-3361-1, DLA-3396-1 and bookworm DLA-3361-1 (3 CVEs) (Beuc/front-desk)
---
-ring
-  NOTE: 20230301: Added by oldstable Security Team (jmm)
-  NOTE: 20230301: might make sense to rebase to current version (jmm)
-  NOTE: 20240815: A bookworm DSA is planned (Beuc/front-desk)
---
-ruby-httparty
-  NOTE: 20240815: Added by Front-Desk (Beuc)
-  NOTE: 20240815: Follow fixes from DLA-3716-1 (CVE-2024-22049) (Beuc/front-desk)
---
-ruby-nokogiri
-  NOTE: 20221005: Added by stable Security Team (jmm)
-  NOTE: 20240815: Follow fixes from DLA-3149-1 (CVE-2022-24836) (Beuc/front-desk)
---
-ruby-rails-html-sanitizer
-  NOTE: 20230901: Added by oldstable Security Team (jmm)
-  NOTE: 20240815: Follow fixes from DLA-3566-1 and DLA-3227-1 (5 CVEs) (Beuc/front-desk)
---
-ruby-sinatra
-  NOTE: 20230321: Added by stable Security Team (carnil)
-  NOTE: 20230321: Maintainer posted packaging repository link with proposed changes for review (carnil)
-  NOTE: 20240815: Follow fixes from DLA-3264-1 (CVE-2022-45442)
-  NOTE: 20240815: Coordinate with maintainer to review and publish https://salsa.debian.org/ruby-team/ruby-sinatra/-/blob/bullseye/debian/changelog (Beuc/front-desk)
---
-ruby-tzinfo
-  NOTE: 20240723: Added by stable Security Team (jmm)
-  NOTE: 20240815: Follow fixes from DLA-3077-1 (CVE-2022-31163) (Beuc/front-desk)
---
-ruby2.7 (Sylvain Beucler)
-  NOTE: 20230508: Added by stable Security Team (jmm)
-  NOTE: 20240716: Samuel Henrique (samueloph) is working on a update
-  NOTE: 20240801: LTS contribution WIP at https://salsa.debian.org/lts-team/packages/ruby/-/commits/debian/bullseye/ (Beuc)
---
-setuptools
-  NOTE: 20240730: Added by oldstable Security Team (jmm)
-  NOTE: 20240815: A bookworm DSA is planned (Beuc/front-desk)
---
-smarty3
-  NOTE: 20240814: Added by oldstable Security Team (jmm)
---
-squid
-  NOTE: 20240308: Added by oldstable Security Team (apo)
-  NOTE: 20240308: Readd squid to dsa-needed.txt
-  NOTE: 20240308: There are still unfixed problems in both supported versions. Especially
-  NOTE: 20240308: the fix for CVE-2023-5824 is kind of intrusive. (apo)
-  NOTE: 20240815: A bookworm DSA is planned (Beuc/front-desk)
---
-systemd
-  NOTE: 20240815: Added by Front-Desk (Beuc)
-  NOTE: 20240815: Follow fixes from bookworm 12.5 and 12.6 (3 CVEs) (Beuc/front-desk)
---
-texlive-bin
-  NOTE: 20240815: Added by Front-Desk (Beuc)
-  NOTE: 20240815: Follow fixes from bookworm 12.1 (CVE-2023-32668) (Beuc/front-desk)
---
-tinyproxy
-  NOTE: 20240609: Added by oldstable Security Team (jmm)
---
-trafficserver
-  NOTE: 20240802: Added by oldstable Security Team (jmm)
-  NOTE: 20240815: A bookworm DSA is planned (Beuc/front-desk)
---
-twisted
-  NOTE: 20240807: Added by oldstable Security Team (jmm)
-  NOTE: 20240815: A bookworm DSA is planned (Beuc/front-desk)
---
-upx-ucl
-  NOTE: 20240815: Added by Front-Desk (Beuc)
---
-wireshark
-  NOTE: 20240815: Added by Front-Desk (Beuc)
-  NOTE: 20240815: bullseye currently lags behind lacking fixes present in both buster and bookworm (Beuc/front-desk)
---
-zabbix
-  NOTE: 20240126: Added by oldstable Security Team (jmm)
-  NOTE: 20240815: sync fixes from bookworm and buster
-  NOTE: 20240815: A bookworm DSA is planned for 8 new CVEs (Beuc/front-desk)
---
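Review bot: the bind9 note "NOTE: 20240815: A bookworm DSA is planned (Beuc/front-desk)" and the glewlwyd note "NOTE: 20240815: drop this entry after bullseye 11.11 is out on 2024-08-31 (Beuc/front-desk)" deleted here do not reappear in the entries added to data/dla-needed.txt, where different notes take their place. The file's own header asks to "append notes rather than remove/replace existing ones", so either carry the old notes over and append the new ones after them, or say in the commit message that the prospective notes were revised during the move.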


=====================================
data/dla-needed.txt
=====================================
@@ -23,17 +23,300 @@ https://lts-team.pages.debian.net/wiki/Development.html#triage-new-security-issu
 To make it easier to see the entire history of an update, please append notes
 rather than remove/replace existing ones.
 
-NOTE: IMPORTANT: buster->bullseye LTS transition effective 2024-08-15.
-NOTE: IMPORTANT: To work on a bullseye package before that, coordinate with secteam.
-
 NOTE: IMPORTANT: Last point update planned 2024-08-31 (2 weeks after bullseye-lts start)
 NOTE: IMPORTANT: During 2024-07/08, make sure you do NOT conflict with
 NOTE: IMPORTANT: a prepared upload for bullseye's last point release, see:
 NOTE: IMPORTANT: https://bugs.debian.org/cgi-bin/pkgreport.cgi?users=release.debian.org@packages.debian.org;tag=pu
 
-NOTE: IMPORTANT: upcoming bullseye-lts prepared in data/dla-needed.prospective
-
+--
+amanda
+  NOTE: 20240815: Added by Front-Desk (Beuc)
+  NOTE: 20240815: Follow fixes from buster DLA-3681-1 (3 CVEs) and bookworm 12.4 (CVE-2023-30577) (Beuc/front-desk)
+--
+asterisk
+  NOTE: 20240815: Added by Front-Desk (Beuc)
+  NOTE: 20240815: CVE-2024-42365 is privilege escalation. (Beuc/front-desk)
+--
+bind9
+  NOTE: 20240729: Added by oldstable Security Team (carnil)
+  NOTE: 20240729: Followup improvement for bullseye, though candidate as well for pu (carnil)
+  NOTE: 20240814: The improvement will be provided via bullseye-pu by the maintainer and
+  NOTE: 20240814: no need to make it a followup to the DSA introducing the hardcoded limits. (carnil)
+  NOTE: 20240815: https://lists.debian.org/debian-security/2024/07/msg00009.html
+  NOTE: 20240815: pu request not in the BTS yet, coordinate with maintainer (Beuc/front-desk)
+--
+bluez
+  NOTE: 20240815: Added by Front-Desk (Beuc)
+  NOTE: 20240815: Follow fixes from DLA-3157-1 (5 CVEs)
+  NOTE: 20240815: Follow fixes from DLA-3820-1 (1 CVE)
+  NOTE: 20240815: Follow fixes from bookworm 12.6 (3 CVEs) (Beuc/front-desk)
+--
+cacti (Bastien Roucarès)
+  NOTE: 20240522: Added by oldstable Security Team (jmm)
+  NOTE: 20240815: A bookworm DSA is planned (Beuc/front-desk)
+--
+calibre
+  NOTE: 20240808: Added by oldstable Security Team (carnil)
+  NOTE: 20240815: A bookworm DSA is planned
+  NOTE: 20240815: Also follow fixes from bookworm 12.5 (CVE-2023-46303) (Beuc/front-desk)
+--
+cinder (Thomas Goirand)
+  NOTE: 20240704: Added by oldstable Security Team (carnil)
+  NOTE: 20240815: A bookworm DSA is planned (Beuc/front-desk)
+  NOTE: 20240815: zigo prepared bullseye packages, cf. http://osbpo.debian.net/deb-status/ (Beuc/front-desk)
+--
+cjson
+  NOTE: 20240815: Added by Front-Desk (Beuc)
+  NOTE: 20240815: pu scheduled https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1074090
+  NOTE: 20240815: don't claim; drop this entry after bullseye 11.11 is out on 2024-08-31 (Beuc/front-desk)
+--
+dnsmasq (Lee Garrett)
+  NOTE: 20240313: Added by oldstable Security Team (jmm)
+  NOTE: 20240802: CVE-2023-28450 is trivial to fix, however CVE-2023-50387 and CVE-2023-50868
+  NOTE: 20240802: look quite disruptive. Contacting maintainer to consult on the best course of
+  NOTE: 20240802: action. (lee)
+  NOTE: 20240815: A bookworm DSA is planned (Beuc/front-desk)
+--
+edk2
+  NOTE: 20240815: Added by Front-Desk (Beuc)
+  NOTE: 20240815: bullseye did not get most of DSA 5624-1 security fixes,
+  NOTE: 20240815: (10 ipv6-related, postponed CVEs), plus there are older postponed vulnerabilities (Beuc/front-desk)
+--
+exim4
+  NOTE: 20240815: Added by Front-Desk (Beuc)
+  NOTE: 20240815: Follow fixes from bookworm 12.3 (2 CVEs)
+  NOTE: 20240815: Consider fixing older postponed CVEs as well (Beuc/front-desk)
+--
+ffmpeg
+  NOTE: 20240815: Added by Front-Desk (Beuc)
+  NOTE: 20240815: Upgrade to 4.3.8 (same approach as DSA-5748-1) (Beuc/front-desk)
+--
+flatpak
+  NOTE: 20240814: Added by oldstable Security Team (carnil)
+  NOTE: 20240815: Follow fixes from DSA-5749-1 (CVE-2024-42472) (Beuc/front-desk)
+--
+frr (Tobias Frost)
+  NOTE: 20231107: Added by oldstable Security Team (jmm)
+  NOTE: 20240404: Tobias Frost (tobi) proposed to work on preparing an update (carnil)
+  NOTE: 20240525: discussion with Debian maintainer for status on bullseye + updates (carnil)
+--
+ghostscript
+  NOTE: 20240718: Added by oldstable Security Team (carnil)
+  NOTE: 20240815: A bookworm DSA is planned
+  NOTE: 20240815: Coordinate bullseye update with carnil (Beuc/front-desk)
+--
+git
+  NOTE: 20240522: Added by oldstable Security Team (jmm)
+  NOTE: 20240525: Maintainer is queried to prepare an update (carnil)
+  NOTE: 20240617: Maintainer prepared bookworm update, bullseye not yet done (carnil)
+  NOTE: 20240815: A bookworm DSA is planned
+  NOTE: 20240815: coordinate bullseye DLA with maintainer (Beuc/front-desk)
+--
+glance (Thomas Goirand)
+  NOTE: 20240704: Added by oldstable Security Team (carnil)
+  NOTE: 20240815: A bookworm DSA is planned (Beuc/front-desk)
+  NOTE: 20240815: zigo prepared bullseye packages, cf. http://osbpo.debian.net/deb-status/ (Beuc/front-desk)
+--
+glewlwyd
+  NOTE: 20240815: Added by Front-Desk (Beuc)
+  NOTE: 20240815: A couple minor issues could be sync'd from bookworm, and a few postponed, but this can wait.
+  NOTE: 20240815: pu scheduled https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1007884
+  NOTE: 20240815: maintainer (babelouest) plans to do a LTS upload as well (Beuc/front-desk)
+--
+glibc
+  NOTE: 20240815: Added by Front-Desk (Beuc)
+  NOTE: 20240815: A couple minor issues could be sync'd from bookworm but this can wait.
+  NOTE: 20240815: pu scheduled https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1076832
+  NOTE: 20240815: pu syncs with 2.31 upstream branch
+  NOTE: 20240815: don't claim; drop this entry after bullseye 11.11 is out on 2024-08-31 (Beuc/front-desk)
+--
+gnutls28
+  NOTE: 20240815: Added by Front-Desk (Beuc)
+  NOTE: 20240815: Follow fixes from bookworm 12.6 (2 CVEs + other security fixes without CVE) (Beuc/front-desk)
+--
+gpac
+  NOTE: 20240815: Added by Front-Desk (Beuc)
+  NOTE: 20240815: Considered for EOL
+  NOTE: 20240815: https://lists.debian.org/debian-lts/2024/08/msg00004.html (Beuc/front-desk)
+--
+h2o
+  NOTE: 20231107: Added by oldstable Security Team (jmm)
+  NOTE: 20240815: A bookworm DSA is planned
+  NOTE: 20240815: coordinate bullseye DLA with secteam (Beuc/front-desk)
+--
+indent
+  NOTE: 20240815: Added by Front-Desk (Beuc)
+  NOTE: 20240815: pu scheduled https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1074142
+  NOTE: 20240815: don't claim; drop this entry after bullseye 11.11 is out on 2024-08-31 (Beuc/front-desk)
+--
+libtommath
+  NOTE: 20240815: Added by Front-Desk (Beuc)
+  NOTE: 20240815: Follow fixes from bookworm 12.6 (CVE-2023-36328) (Beuc/front-desk)
+--
+libxml2
+  NOTE: 20240815: Added by Front-Desk (Beuc)
+  NOTE: 20240815: Follow fixes from bookworm 12.1 (CVE-2022-2309) (low-priority)
+  NOTE: 20240815: Consider fixing CVE-2016-3709 (Beuc/front-desk)
 --
 linux (Ben Hutchings)
-  NOTE: 20230111: perma-added for LTS package-specific delegation (bwh)
+  NOTE: 20230111: Perma-added, Linux package specifically delegated to bwh (LTS Team)
+--
+nbconvert (Guilhem Moulin)
+  NOTE: 20240508: Added by stable Security Team (jmm)
+  NOTE: 20240604: Guilhem Moulin proposed an update ready for review (carnil)
+  NOTE: 20240815: Follow fixes from DLA-3442-1 (CVE-2021-32862) (Beuc/front-desk)
+--
+netatalk
+  NOTE: 20240807: Added by oldstable Security Team (jmm)
+  NOTE: 20240815: pu in progress but looking stuck https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1060774
+  NOTE: 20240815: coordinate bullseye DLA with uploader (Beuc/front-desk)
+--
+nodejs
+  NOTE: 20240215: Added by oldstable Security Team (jmm)
+  NOTE: 20240521: claim nodejs in dsa-needed.txt (aron)
+  NOTE: 20240815: A bookworm DSA is planned
+  NOTE: 20240815: coordinate bullseye DLA with aron (Beuc/front-desk)
+--
+nova (Thomas Goirand)
+  NOTE: 20240704: Added by oldstable Security Team (carnil)
+  NOTE: 20240815: A bookworm DSA is planned (Beuc/front-desk)
+  NOTE: 20240815: zigo prepared bullseye packages, cf. http://osbpo.debian.net/deb-status/ (Beuc/front-desk)
+--
+nsis
+  NOTE: 20240815: Added by Front-Desk (Beuc)
+  NOTE: 20240815: Follow fixes from bookworm 12.6 (CVE-2023-37378) (Beuc/front-desk)
+--
+opensc
+  NOTE: 20240815: Added by Front-Desk (Beuc)
+  NOTE: 20240815: Follow fixes from buster DLA-3463-1 (5 CVEs) and bookworm 12.4 (2 CVEs) (Beuc/front-desk)
+--
+openssl
+  NOTE: 20240815: Added by Front-Desk (Beuc)
+  NOTE: 20240815: Follow fixes from bookworm 12.6 (CVE-2023-5678, CVE-2024-0727) (Beuc/front-desk)
+--
+php-horde-mime-viewer (Mike Gabriel)
+  NOTE: 20220622: Added by stable Security Team (jmm)
+  NOTE: 20240815: considered for EOL, sunweaver to work on an update
+  NOTE: 20240815: https://lists.debian.org/debian-lts/2024/08/msg00023.html (Beuc/front-desk)
+--
+php-horde-turba (Mike Gabriel)
+  NOTE: 20220607: Added by stable Security Team (jmm)
+  NOTE: 20240815: considered for EOL, sunweaver to work on an update
+  NOTE: 20240815: https://lists.debian.org/debian-lts/2024/08/msg00023.html (Beuc/front-desk)
+--
+proftpd-dfsg
+  NOTE: 20240815: Added by Front-Desk (Beuc)
+  NOTE: 20240815: Follow fixes from bookworm 12.5 (2 CVEs) (Beuc/front-desk)
+--
+pymongo (Bastien Roucarès)
+  NOTE: 20240815: Added by Front-Desk (Beuc)
+  NOTE: 20240815: pu scheduled https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1073529 (CVE-2024-5629)
+  NOTE: 20240815: drop this entry after bullseye 11.11 is out on 2024-08-31 (Beuc/front-desk)
+--
+python-aiohttp
+  NOTE: 20240523: Added by oldstable Security Team (jmm)
+  NOTE: 20240815: A bookworm DSA is planned (Beuc/front-desk)
+--
+python-asyncssh
+  NOTE: 20240105: Added by oldstable Security Team (jmm)
+  NOTE: 20240815: A bookworm DSA is planned (Beuc/front-desk)
+--
+python-git
+  NOTE: 20240815: Added by Front-Desk (Beuc)
+  NOTE: 20240815: Follow fixes from buster DLA-3589-1, buster DLA-3502-1 and bookworm 12.2 (3 CVEs) (Beuc/front-desk)
+--
+python-html-sanitizer
+  NOTE: 20240815: Added by Front-Desk (Beuc)
+--
+python-reportlab
+  NOTE: 20240807: Added by oldstable Security Team (jmm)
+  NOTE: 20240815: A bookworm DSA is planned (Beuc/front-desk)
+--
+qemu
+  NOTE: 20240815: Added by Front-Desk (Beuc)
+  NOTE: 20240815: Follow fixes from bookworm 12.4 (CVE-2023-5088)
+  NOTE: 20240815: Follow fixes from bookworm 12.5 (CVE-2023-3019, CVE-2023-6693)
+  NOTE: 20240815: Follow fixes from bookworm 12.6 (CVE-2024-3446,CVE-2024-3447)
+  NOTE: 20240815: CVE-2024-4467 fix also proposed for 12.7 (https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1076504)
+--
+redis
+  NOTE: 20240815: Added by Front-Desk (Beuc)
+  NOTE: 20240815: Follow fixes from buster DLA-3361-1, DLA-3396-1 and bookworm DLA-3361-1 (3 CVEs) (Beuc/front-desk)
+--
+ring
+  NOTE: 20230301: Added by oldstable Security Team (jmm)
+  NOTE: 20230301: might make sense to rebase to current version (jmm)
+  NOTE: 20240815: A bookworm DSA is planned (Beuc/front-desk)
+--
+ruby-httparty
+  NOTE: 20240815: Added by Front-Desk (Beuc)
+  NOTE: 20240815: Follow fixes from DLA-3716-1 (CVE-2024-22049) (Beuc/front-desk)
+--
+ruby-nokogiri
+  NOTE: 20221005: Added by stable Security Team (jmm)
+  NOTE: 20240815: Follow fixes from DLA-3149-1 (CVE-2022-24836) (Beuc/front-desk)
+--
+ruby-rails-html-sanitizer
+  NOTE: 20230901: Added by oldstable Security Team (jmm)
+  NOTE: 20240815: Follow fixes from DLA-3566-1 and DLA-3227-1 (5 CVEs) (Beuc/front-desk)
+--
+ruby-sinatra
+  NOTE: 20230321: Added by stable Security Team (carnil)
+  NOTE: 20230321: Maintainer posted packaging repository link with proposed changes for review (carnil)
+  NOTE: 20240815: Follow fixes from DLA-3264-1 (CVE-2022-45442)
+  NOTE: 20240815: Coordinate with maintainer to review and publish https://salsa.debian.org/ruby-team/ruby-sinatra/-/blob/bullseye/debian/changelog (Beuc/front-desk)
+--
+ruby-tzinfo
+  NOTE: 20240723: Added by stable Security Team (jmm)
+  NOTE: 20240815: Follow fixes from DLA-3077-1 (CVE-2022-31163) (Beuc/front-desk)
+--
+ruby2.7 (Sylvain Beucler)
+  NOTE: 20230508: Added by stable Security Team (jmm)
+  NOTE: 20240716: Samuel Henrique (samueloph) is working on a update
+  NOTE: 20240801: LTS contribution WIP at https://salsa.debian.org/lts-team/packages/ruby/-/commits/debian/bullseye/ (Beuc)
+--
+setuptools
+  NOTE: 20240730: Added by oldstable Security Team (jmm)
+  NOTE: 20240815: A bookworm DSA is planned (Beuc/front-desk)
+--
+smarty3
+  NOTE: 20240814: Added by oldstable Security Team (jmm)
+--
+squid
+  NOTE: 20240308: Added by oldstable Security Team (apo)
+  NOTE: 20240308: Readd squid to dsa-needed.txt
+  NOTE: 20240308: There are still unfixed problems in both supported versions. Especially
+  NOTE: 20240308: the fix for CVE-2023-5824 is kind of intrusive. (apo)
+  NOTE: 20240815: A bookworm DSA is planned (Beuc/front-desk)
+--
+systemd
+  NOTE: 20240815: Added by Front-Desk (Beuc)
+  NOTE: 20240815: Follow fixes from bookworm 12.5 and 12.6 (3 CVEs) (Beuc/front-desk)
+--
+texlive-bin
+  NOTE: 20240815: Added by Front-Desk (Beuc)
+  NOTE: 20240815: Follow fixes from bookworm 12.1 (CVE-2023-32668) (Beuc/front-desk)
+--
+tinyproxy
+  NOTE: 20240609: Added by oldstable Security Team (jmm)
+--
+trafficserver
+  NOTE: 20240802: Added by oldstable Security Team (jmm)
+  NOTE: 20240815: A bookworm DSA is planned (Beuc/front-desk)
+--
+twisted
+  NOTE: 20240807: Added by oldstable Security Team (jmm)
+  NOTE: 20240815: A bookworm DSA is planned (Beuc/front-desk)
+--
+upx-ucl
+  NOTE: 20240815: Added by Front-Desk (Beuc)
+--
+wireshark
+  NOTE: 20240815: Added by Front-Desk (Beuc)
+  NOTE: 20240815: bullseye currently lags behind lacking fixes present in both buster and bookworm (Beuc/front-desk)
+--
+zabbix
+  NOTE: 20240126: Added by oldstable Security Team (jmm)
+  NOTE: 20240815: sync fixes from bookworm and buster
+  NOTE: 20240815: A bookworm DSA is planned for 8 new CVEs (Beuc/front-desk)
 --
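Review bot: in the redis entry, "bookworm DLA-3361-1" repeats the buster advisory id given earlier in the same note, whereas the other "Follow fixes from" notes cite bookworm by point release (bookworm 12.x); please check which bookworm fix was meant and correct the reference. Separately, the pymongo entry keeps "drop this entry after bullseye 11.11 is out on 2024-08-31" without the "don't claim;" prefix that cjson, glibc and indent received; if that is because pymongo already lists a claimant, a short word in the note would make the difference clear.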



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/22f926ceab5ffc6d594a4bb5b53cb4195ef37e73...479ea9bc5dc328ed200aed99d299278346b88d4b
