[Git][security-tracker-team/security-tracker][master] dla: tidy notes

Sylvain Beucler (@beuc) beuc at debian.org
Thu Mar 14 16:45:40 GMT 2024 


Sylvain Beucler pushed to branch master at Debian Security Tracker / security-tracker


Commits:
8c4e6aba by Sylvain Beucler at 2024-03-14T17:45:04+01:00
dla: tidy notes

- - - - -


1 changed file:

- data/dla-needed.txt


Changes:

=====================================
data/dla-needed.txt
=====================================
@@ -53,14 +53,14 @@ cacti (Sylvain Beucler)
 --
 composer (rouca)
   NOTE: 20240209: Added by Front-Desk (utkarsh)
-  NOTE: 20240304: Need to backport bullseye
-  NOTE: 20240312: likely not affected by CVE-2024-24821
+  NOTE: 20240304: Need to backport bullseye (rouca)
+  NOTE: 20240312: likely not affected by CVE-2024-24821 (rouca)
 --
 curl (rouca)
   NOTE: 20231229: Added by Front-Desk (lamby)
   NOTE: 20231229: CVE-2023-27534 fixed in bullseye via DSA or point release. (lamby)
-  NOTE: https://salsa.debian.org/debian/curl/-/merge_requests/21
-  NOTE: test fix
+  NOTE: 20240129: https://salsa.debian.org/debian/curl/-/merge_requests/21 (rouca)
+  NOTE: 20240312: test fix (rouca)
 --
 dnsmasq (dleidert)
   NOTE: 20240303: Added by Front-Desk (apo)
@@ -72,7 +72,8 @@ docker.io
   NOTE: 20230706: ask for review testing https://lists.debian.org/debian-lts/2023/07/msg00013.html
   NOTE: 20230801: rouca and santiago testing the swarm overlay network (including current buster version)
   NOTE: 20240213: CVE-2024-24557 patch does not directly apply and lack of reproducer test case
-  NOTE: 20230311: Reverted decision to remove from this file since three CVEs are in bullseye.
+  NOTE: 20240310: Dropped from dla-needed.txt (ola/front-desk)
+  NOTE: 20230311: Reverted decision to remove from this file since three CVEs are in bullseye. (ola)
 --
 dogecoin
   NOTE: 20230619: Added by Front-Desk (Beuc)
@@ -111,8 +112,8 @@ i2p
 imagemagick
   NOTE: 20230622: Added by Front-Desk (Beuc)
   NOTE: 20230622: Requested by maintainer (rouca) to tidy remaining open CVEs (Beuc/front-desk)
-  NOTE: 20231014: Some work under git branch debian/buster but unease
-  NOTE: 20240227: Made a partial release
+  NOTE: 20231014: Some work under git branch debian/buster but unease (rouca)
+  NOTE: 20240227: Made a partial release (rouca)
 --
 jenkins-htmlunit-core-js
   NOTE: 20231231: Added by Front-Desk (lamby)
@@ -127,7 +128,8 @@ jetty9
 --
 knot-resolver
   NOTE: 20231029: Added by Front-Desk (gladk)
-  NOTE: 20240311: Reverted decision to remove from dla-needed since four CVEs has been fixed in bullseye.
+  NOTE: 20240310: Dropped from dla-needed.txt (ola/front-desk)
+  NOTE: 20240311: Reverted decision to remove from dla-needed since four CVEs has been fixed in bullseye. (ola)
 --
 libcommons-compress-java (Markus Koschany)
   NOTE: 20240303: Added by Front-Desk (apo)
@@ -187,7 +189,7 @@ nova
 nss
   NOTE: 20240121: Added by Front-Desk (apo)
   NOTE: 20240310: CVE-2023-6135: Upstream suggests to wait until they have a patch for 3.90 (their LTS version) available and backport from there.
-  NOTE: 20230310: see also: Message-ID: <Zd5GYmuVVIDU54Vv at isildor2.loewenhoehle.ip>
+  NOTE: 20230310: see also: Message-ID: <Zd5GYmuVVIDU54Vv at isildor2.loewenhoehle.ip> (tobi)
 --
 nvidia-cuda-toolkit
   NOTE: 20230514: Added by Front-Desk (utkarsh)
@@ -195,16 +197,16 @@ nvidia-cuda-toolkit
   NOTE: 20230514: piled up. (utkarsh)
   NOTE: 20230610: Details: https://lists.debian.org/debian-lts/2023/06/msg00032.html
   NOTE: 20230610: my recommendation would be to put the package on the "not-supported" list. (tobi)
-  NOTE: 20240311: CVE-2020-5991 is fixed in bullseye. However email sent to suggest removal of support.
+  NOTE: 20240311: CVE-2020-5991 is fixed in bullseye. However email sent to suggest removal of support. (ola)
 --
 nvidia-graphics-drivers
   NOTE: 20240303: Added by Front-Desk (apo)
   NOTE: 20240303: Do we still support the NVIDIA drivers? Can we upgrade to a new upstream release?
-  NOTE: 20240303: Maybe it's time to mark them EOL?
+  NOTE: 20240303: Maybe it's time to mark them EOL? (apo/front-desk)
 --
 nvidia-graphics-drivers-legacy-390xx
   NOTE: 20240303: Added by Front-Desk (apo)
-  NOTE: 20240303: See comment for nvidia-graphics-drivers.
+  NOTE: 20240303: See comment for nvidia-graphics-drivers. (apo/front-desk)
 --
 pdns-recursor (dleidert)
   NOTE: 20240306: Added by Front-Desk (opal)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8c4e6aba9f7d3a5f3d0f8ebf76100dca1731596d

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8c4e6aba9f7d3a5f3d0f8ebf76100dca1731596d
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20240314/066835c5/attachment-0001.htm>

More information about the debian-security-tracker-commits mailing list