[Git][security-tracker-team/security-tracker][master] Add notes for ceph and knot-resolver + unclaim; waiting on people

Utkarsh Gupta (@utkarsh) utkarsh at debian.org
Sun Jan 4 20:48:17 GMT 2026 


Utkarsh Gupta pushed to branch master at Debian Security Tracker / security-tracker


Commits:
c20029c6 by Utkarsh Gupta at 2026-01-05T02:18:09+05:30
Add notes for ceph and knot-resolver + unclaim; waiting on people

- - - - -


1 changed file:

- data/dla-needed.txt


Changes:

=====================================
data/dla-needed.txt
=====================================
@@ -61,10 +61,12 @@ ca-certificates (santiago)
   NOTE: 20250811: upload ca-certificates-java (rouca)
   NOTE: 20250811: wait for direction from security team about bookworm update first (rouca)
 --
-ceph (Utkarsh)
+ceph
   NOTE: 20251116: Added by Front-Desk (ta)
   NOTE: 20251202: update prepared; will ping zigo to review. (utkarsh)
   NOTE: 20251221: still awaiting zigo's feedback. (utkarsh)
+  NOTE: 20250104: zigo says he can test it this week hopefully. (utkarsh)
+  NOTE: 20250104: package is already uploaded to debusine, just sign+dcut is left. (utkarsh)
 --
 ckeditor
   NOTE: 20241002: Added by Front-Desk (Beuc)
@@ -183,13 +185,14 @@ jackson-core (Markus Koschany)
   NOTE: 20251016: A single patch is not possible to apply to fix the CVE. I'm working on backporting more than one.
   NOTE: 20251121: Still working backporting patches to fix CVE-2025-52999.
 --
-knot-resolver (Utkarsh)
+knot-resolver
   NOTE: 20251206: Added by Front-Desk (rouca)
   NOTE: 20251206: Close CVE-2022-40188 buster regression. Try to fix other non ignored CVEs.
   NOTE: 20251223: complicated to backport no-dsa CVEs as CVE-2023-46317 reverts much of the patch
   NOTE: 20251223: for CVE-2023-26249 and then needs to be re-adjusted a bit for v5.3.1. nonetheless,
   NOTE: 20251223: update prepared @ https://salsa.debian.org/lts-team/packages/knot-resolver/-/tree/debian/bullseye?ref_type=heads.
   NOTE: 20251223: but have reached out to Jakub and Santiago, as maintainers, for a review. (utkarsh)
+  NOTE: 20250104: still waiting to hear back. will upload to debusine for extra pipelines to run. (utkarsh)
 --
 lemonldap-ng
   NOTE: 20250813: Added by Front-Desk (lamby)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c20029c672d06a40be273bf457e13af2cba61e58

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c20029c672d06a40be273bf457e13af2cba61e58
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260104/eee042d7/attachment-0001.htm>

More information about the debian-security-tracker-commits mailing list