[Git][security-tracker-team/security-tracker][master] 3 commits: LTS: add gsl to dla-needed.txt

Roberto C. Sánchez (@roberto) roberto at debian.org
Fri Dec 6 22:40:58 GMT 2024 


Roberto C. Sánchez pushed to branch master at Debian Security Tracker / security-tracker


Commits:
50c1cd63 by Roberto C. Sánchez at 2024-12-06T17:36:37-05:00
LTS: add gsl to dla-needed.txt

- - - - -
35857efa by Roberto C. Sánchez at 2024-12-06T17:37:49-05:00
Revert "lts: drop unbound, no remaining issues"

This reverts commit e325aa3fbea53fd1c56238938aad55e35d2819fb.

- - - - -
50ca64ef by Roberto C. Sánchez at 2024-12-06T17:40:38-05:00
LTS: update notes of unbound

- - - - -


1 changed file:

- data/dla-needed.txt


Changes:

=====================================
data/dla-needed.txt
=====================================
@@ -103,6 +103,11 @@ glewlwyd (Thorsten Alteholz)
   NOTE: 20240815: pu scheduled https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1007884
   NOTE: 20241201: testing package
 --
+gsl
+  NOTE: 20241206: Added by coordinator (roberto)
+  NOTE: 20241206: CVE-2020-35357 was fixed in buster, is still open (no-dsa) in bullseye and bookworm
+  NOTE: 20241206: https://salsa.debian.org/lts-team/lts-updates-tasks/-/issues/167
+--
 haproxy (Thorsten Alteholz)
   NOTE: 20241201: Added by Front-Desk (ta)
 --
@@ -232,6 +237,13 @@ twitter-bootstrap3
   NOTE: 20241110: Added by Front-Desk (apo)
   NOTE: 20241119: Supportability discussion https://lists.debian.org/debian-lts/2024/11/msg00030.html (Beuc/front-desk)
 --
+unbound
+  NOTE: 20240825: Added by Front-Desk (ta)
+  NOTE: 20240929: The patch for CVE-2024-33655 was considered too intrusive for Buster. (dleidert)
+  NOTE: 20240929: It seems reasonable that in that case that is true for Bullseye as well. (dleidert)
+  NOTE: 20241206: There is no DLA to prepare for this package, rather CVE noted above must be assessed and a final disposition applied for bullseye (roberto)
+  NOTE: 20241206: A stable update is also needed, https://salsa.debian.org/lts-team/lts-updates-tasks/-/issues/164
+--
 upx-ucl
   NOTE: 20240815: Added by Front-Desk (Beuc)
 --



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/c85d7356fe06a1f78c8b5cf6ad60d4a49dc54c06...50ca64ef3336b6d2a8d7e11ace4ad0791820b49b

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/c85d7356fe06a1f78c8b5cf6ad60d4a49dc54c06...50ca64ef3336b6d2a8d7e11ace4ad0791820b49b
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20241206/8bfcab4e/attachment-0001.htm>

More information about the debian-security-tracker-commits mailing list