[Git][security-tracker-team/security-tracker][master] LTS: re-add some packages that still need work

Roberto C. Sánchez (@roberto) roberto at debian.org
Thu Mar 14 20:25:21 GMT 2024



Roberto C. Sánchez pushed to branch master at Debian Security Tracker / security-tracker


Commits:
f6de72b5 by Roberto C. Sánchez at 2024-03-14T16:24:30-04:00
LTS: re-add some packages that still need work

- - - - -


1 changed file:

- data/dla-needed.txt


Changes:

=====================================
data/dla-needed.txt
=====================================
@@ -158,6 +158,17 @@ libssh
   NOTE: 20240227: <https://archive.libssh.org/libssh/2024-02/0000009.html>
   NOTE: 20240227: (spwhitton).
 --
+libstb
+  NOTE: 20231029: Added by Front-Desk (gladk)
+  NOTE: 20231029: A lot of open CVEs. Maybe duplicates.
+  NOTE: 20231029: If you take a package, please evaluate it as well as its importance.
+  NOTE: 20231119: None of the new CVE fixes has been reviewed by upstream so far,
+  NOTE: 20231119: and in the past CVE fixes have caused regressions.
+  NOTE: 20231119: Wait for upstream merge of fixes (and fixing in unstable). (bunk)
+  NOTE: 20230314: Reverted decision to remove from this file since
+  NOTE: 20240314: several CVEs fixed in DLA-3305-1 remain unfixed (no-dsa) in bullseye
+  NOTE: 20240314: and bookwork. Uploads to spu and ospu should be coordinated. (roberto)
+--
 linux (Ben Hutchings)
   NOTE: 20230111: perma-added for LTS package-specific delegation (bwh)
 --
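Review bot: In the libstb entry, the first of the three new notes is dated 20230314 while its two continuation lines are dated 20240314, which also places it before the 20231029 and 20231119 notes it follows. The commit is dated 2024-03-14, so the line should presumably read "NOTE: 20240314: Reverted decision to remove from this file since". The last line of the entry also spells the release "bookwork"; the tiff entry in this same commit has "bookworm".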
@@ -239,6 +250,11 @@ ring
 ruby-rack (Adrian Bunk)
   NOTE: 20240306: Added by Front-Desk (opal)
 --
+runc
+  NOTE: 20240312: Added by coordinator (roberto)
+  NOTE: 20240314: Several CVEs fixed in LTS remain unfixed (no-dsa) in bullseye.
+  NOTE: 20240314: Uploads to ospu should be coordinated. (roberto)
+--
 samba
   NOTE: 20230918: Added by Front-Desk (apo)
 --
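Review bot: The runc notes say "Several CVEs fixed in LTS remain unfixed (no-dsa) in bullseye" without naming the DLA or the CVE ids concerned, whereas the libstb entry added in this commit cites DLA-3305-1. Adding the corresponding DLA reference here would let whoever claims the package identify the affected fixes without re-deriving the list.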
@@ -276,6 +292,11 @@ suricata (Adrian Bunk)
 thunderbird (Emilio)
   NOTE: 20240306: Added by Front-Desk (opal)
 --
+tiff
+  NOTE: 20240314: Added by coordinator (roberto)
+  NOTE: 20240314: Several CVEs fixed in LTS remain unfixed (no-dsa) in bullseye and
+  NOTE: 20240314: bookworm. Uploads to spu and ospu should be coordinated. (roberto)
+--
 tinymce (Ola)
   NOTE: 20231123: Added by Front-Desk (ola)
   NOTE: 20231216: Someone with more XSS experience needed to assess the
@@ -298,6 +319,11 @@ varnish
   NOTE: 20240122: Still fixing tests (abhijith)
   NOTE: 20240213: Fixing tests.(abhijith)
 --
+wordpress
+  NOTE: 20240314: Added by coordinator (roberto)
+  NOTE: 20240314: Several CVEs fixed in LTS remain unfixed (no-dsa) in bullseye and
+  NOTE: 20240314: bookwork. Uploads to spu and ospu should be coordinated. (roberto)
+--
 zabbix
   NOTE: 20240212: Added by Front-Desk (utkarsh)
 --
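Review bot: The last line of the wordpress entry spells the release "bookwork". The otherwise identical tiff entry has "bookworm", so this line should read "NOTE: 20240314: bookworm. Uploads to spu and ospu should be coordinated. (roberto)", which also keeps the entry findable when searching the file by release name.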



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f6de72b5ec2b6af6c959a91b15f80000685e8eee
