[Git][security-tracker-team/security-tracker][master] dla-needed: add package that have a regression from buster
Bastien Roucariès (@rouca)
rouca at debian.org
Sat Dec 6 21:25:42 GMT 2025
Bastien Roucariès pushed to branch master at Debian Security Tracker / security-tracker
Commits:
e0c41834 by Bastien Roucariès at 2025-12-06T22:25:13+01:00
dla-needed: add package that have a regression from buster
- - - - -
1 changed file:
- data/dla-needed.txt
Changes:
=====================================
data/dla-needed.txt
=====================================
@@ -313,6 +313,9 @@ openjpeg2
NOTE: 20251206: Avoid regression from buster: CVE-2025-50952 (rouca/front-desk)
NOTE: 20251206: Fix postponed CVE and do dsa/PU work if needed (rouca/front-desk)
--
+osslsigncode
+ NOTE: 20251206: Added by Front-Desk. Avoid a regression from buster (rouca)
+--
p7zip
NOTE: 20251020: Added by Front-Desk (dleidert)
NOTE: 20251020: I disagree with the low-severity ratings; but finding the patches might be a hard (dleidert/front-desk)
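Review bot: The osslsigncode note does not say which CVE is the regression. The openjpeg2 entry just above it, written the same day, names it ("Avoid regression from buster: CVE-2025-50952"). Adding the CVE id(s) here in the same form would let whoever claims the package start from the right tracker entry instead of repeating the comparison against buster.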
@@ -320,6 +323,12 @@ p7zip
p7zip-rar
NOTE: 20250719: Added by Front-Desk (Beuc)
--
+paramiko
+ NOTE: 20251206: Added by Front-Desk. Avoid a regression from buster (rouca)
+--
+php-dompdf
+ NOTE: 20251206: Added by Front-Desk. Avoid a regression from buster (rouca)
+--
php-laravel-framework
NOTE: 20250307: Added by Front-Desk (rouca)
NOTE: 20251027: History of upstream branch fixing v12: git log 9de75259..2d133034^2.
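Review bot: The paramiko and php-dompdf notes are word-for-word the same and do not record how the regression was identified. If these entries come from a batch comparison of fixed versions between suites, a short mention of that in the note (or in the commit message) would let the next front-desk rotation re-run the check and confirm that the entry is still needed before someone spends time on it.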
@@ -329,12 +338,21 @@ php-laravel-framework
NOTE: 20251027: tests is required to prevent regressions, but I could not get the upstream
NOTE: 20251027: test suite to work. It is not exercised as part of Debian packages build. (paride)
--
+pillow
+ NOTE: 20251206: Added by Front-Desk. Avoid a regression from buster (rouca)
+--
python-django (Chris Lamb)
NOTE: 20251106: Added by Front-Desk (Beuc)
NOTE: 20251106: Lots of postponed vulnerabilities triaged for the next update.
NOTE: 20251106: Also, time to finalize the SPU? (Beuc/front-desk)
NOTE: 20251106: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1079454
--
+python-mechanize
+ NOTE: 20251206: Added by Front-Desk. Avoid a regression from buster (rouca)
+--
+python-oslo.utils
+ NOTE: 20251206: Added by Front-Desk. Avoid a regression from buster (rouca)
+--
rails (rouca)
NOTE: 20250105: Added by Front-Desk (apo)
NOTE: 20250305: Utkarsh uploaded the CVE fixes to unstable via rails/7.2.2.1. (utkarsh)
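Review bot: The pillow, python-mechanize and python-oslo.utils entries carry no pointer to where the fix already exists. The python-django entry in the same hunk links its tracking bug; a similar reference here (the advisory or upload that fixed the issue in buster, or a bug number) would give the person picking up the package a patch to start from.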
@@ -344,6 +362,12 @@ rails (rouca)
NOTE: 20251120: Import old security release and fix. Will likely do a partial release due to number of CVEs (rouca)
NOTE: 20251125: Do a partial release. Need to fix bookworm first (rouca)
--
+ruby-git
+ NOTE: 20251206: Added by Front-Desk. Avoid a regression from buster (rouca)
+--
+ruby-sidekiq
+ NOTE: 20251206: Added by Front-Desk. Avoid a regression from buster (rouca)
+--
runc
NOTE: 20251105: Added by Front-Desk (Beuc)
NOTE: 20251105: 3 high-severity container breakouts. Used by docker.io.
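Review bot: The ruby-git and ruby-sidekiq notes give no indication of severity or urgency, while the neighbouring runc entry states "3 high-severity container breakouts". A short hint on the impact of the unfixed issue in each package would help contributors decide which of the newly added entries to claim first.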
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e0c418345277d8d86d55e74c53f40db0e32c904f