[Git][security-tracker-team/security-tracker][master] 8 commits: add-dsa-needed: Only list packages for stable for dsa-needed list

Thu Jun 11 22:25:25 BST 2026


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
795e85d1 by Salvatore Bonaccorso at 2026-05-29T23:11:22+02:00
add-dsa-needed: Only list packages for stable for dsa-needed list

Signed-off-by: Salvatore Bonaccorso <carnil at debian.org>

- - - - -
e08befaa by Salvatore Bonaccorso at 2026-05-29T23:14:22+02:00
DLA template: Add support to mention bookworm as LTS supported release

While bookworm moves to LTS support bullseye will as well still be
supported by LTS. Adapt the template to add the bookworm mentioning and
adapt the Version field like ELTS team uses is, cf.
https://salsa.debian.org/freexian-team/extended-lts/security-tracker/-/blob/master/doc/ELA.template?ref_type=heads

Signed-off-by: Salvatore Bonaccorso <carnil at debian.org>

- - - - -
b3e1dfb0 by Salvatore Bonaccorso at 2026-05-29T23:16:35+02:00
DSA template: Do not mention the oldstable distribution

Support by Debian security team for bookworm/oldstable is moving to the
LTS team and no further updates are issued for bookworm/oldstable via a
DSA.

Signed-off-by: Salvatore Bonaccorso <carnil at debian.org>

- - - - -
a39e8e74 by Salvatore Bonaccorso at 2026-05-29T23:18:39+02:00
security-team overview: Do not mention bookworm-security anymore

Signed-off-by: Salvatore Bonaccorso <carnil at debian.org>

- - - - -
15220292 by Salvatore Bonaccorso at 2026-05-29T23:20:27+02:00
config.json: Reduce list of supported architectures for bookworm under LTS support

Signed-off-by: Salvatore Bonaccorso <carnil at debian.org>

- - - - -
2b2ec6d4 by Salvatore Bonaccorso at 2026-05-29T23:21:26+02:00
distributions.json: Move support of bookworm to LTS team

distributions.json is used by reportbug to decide where to redirect
potential regression reports. Move support for bookworm to the LTS team.

Signed-off-by: Salvatore Bonaccorso <carnil at debian.org>

- - - - -
27e49d34 by Salvatore Bonaccorso at 2026-05-29T23:24:17+02:00
LTS templates: Replace use of Bullseye with Bookworm

Signed-off-by: Salvatore Bonaccorso <carnil at debian.org>

- - - - -
f6d21e2f by Salvatore Bonaccorso at 2026-06-11T23:25:23+02:00
Merge branch 'end-of-life-security-support-bookworm' into 'master'

End of life security support bookworm

See merge request security-tracker-team/security-tracker!297
- - - - -


9 changed files:

- bin/add-dsa-needed.sh
- data/config.json
- doc/DLA.template
- doc/DSA.template
- doc/security-team.d.o/index
- static/distributions.json
- templates/lts-no-dsa.txt
- templates/lts-update-planned-minor.txt
- templates/lts-update-planned.txt


Changes:

=====================================
bin/add-dsa-needed.sh
=====================================
@@ -20,7 +20,7 @@
 
 set -eu
 
-include_oldstable=true
+include_oldstable=false
 turl="https://security-tracker.debian.org/tracker/status/release"
 
 [ -f data/dsa-needed.txt ] || {


=====================================
data/config.json
=====================================
@@ -105,7 +105,7 @@
           "bookworm-proposed-updates"
         ]
       },
-      "architectures": [ "amd64", "arm64", "armel", "armhf", "i386", "mips64el", "mipsel", "ppc64el", "s390x" ],
+      "architectures": [ "amd64", "arm64", "armhf", "i386", "ppc64el" ],
       "release": "oldstable"
     },
     "trixie": {


=====================================
doc/DLA.template
=====================================
@@ -9,7 +9,7 @@ $SPACEDDATE                        https://wiki.debian.org/LTS
 -------------------------------------------------------------------------
 
 Package        : $PACKAGE
-Version        : $bullseye_VERSION
+Version        : $bullseye_VERSION $bookworm_VERSION
 CVE ID         : $CVE
 Debian Bug     : $BUGNUM
 
@@ -18,6 +18,9 @@ $TEXT
 For Debian 11 bullseye, this problem has been fixed in version
 $bullseye_VERSION.
 
+For Debian 12 bookworm, this problem has been fixed in version
+$bookworm_VERSION.
+
 We recommend that you upgrade your $PACKAGE packages.
 
 For the detailed security status of $PACKAGE please refer to


=====================================
doc/DSA.template
=====================================
@@ -14,9 +14,6 @@ Debian Bug     : $BUGNUM
 
 $TEXT
 
-For the oldstable distribution ($OLDSTABLE), this problem has been fixed
-in version $$OLDSTABLE_VERSION.
-
 For the stable distribution ($STABLE), this problem has been fixed in
 version $$STABLE_VERSION.
 


=====================================
doc/security-team.d.o/index
=====================================
@@ -1,11 +1,9 @@
 <table style="margin: 0 auto 0 auto;width: 100%;text-align:center;">
 	<tbody>
-            <tr><th>bookworm 12</th><th>trixie 13</th><th>forky</th><th>sid</th></tr>
-            <tr><th>bookworm-security</th><th>trixie-security</th><th>testing</th><th>unstable</th></tr>
+            <tr><th>trixie 13</th><th>forky</th><th>sid</th></tr>
+            <tr><th>trixie-security</th><th>testing</th><th>unstable</th></tr>
 	<tr>
 	<td valign="top">
-		<a href="https://security-tracker.debian.org/tracker/status/release/oldstable">Vulnerable Packages</a><br\>
-	</td><td valign="top">
 		<a href="https://security-tracker.debian.org/tracker/status/release/stable">Vulnerable Packages</a><br\>
 	</td><td valign="top">
 		<a href="https://security-tracker.debian.org/tracker/status/release/testing">Vulnerable Packages</a><br\>
@@ -13,8 +11,6 @@
 		<a href="https://security-tracker.debian.org/tracker/status/release/unstable">Vulnerable Packages</a><br\>
 	</td></tr>
 	<tr><td valign="top">
-                <a href="https://salsa.debian.org/security-tracker-team/security-tracker/raw/master/data/next-oldstable-point-update.txt">Next point update</a><br\>
-	</td><td valign="top">
                 <a href="https://salsa.debian.org/security-tracker-team/security-tracker/raw/master/data/next-point-update.txt">Next point update</a><br\>
 	</td><td valign="top">
 		Next point update<br\>


=====================================
static/distributions.json
=====================================
@@ -26,8 +26,8 @@
   },
   "bookworm": {
     "major-version": "12",
-    "support": "security",
-    "contact": "team at security.debian.org"
+    "support": "lts",
+    "contact": "debian-lts at lists.debian.org"
   },
   "trixie": {
     "major-version": "13",


=====================================
templates/lts-no-dsa.txt
=====================================
@@ -1,12 +1,12 @@
 Content-Type: text/plain; charset=utf-8
 To: {{ to }}
 Cc: {{ cc }}
-Subject: About the security issues affecting {{ package }} in Bullseye
+Subject: About the security issues affecting {{ package }} in Bookworm
 
 Dear maintainer(s),
 
 The Debian LTS team recently reviewed the security issue(s) affecting your
-package in Bullseye:
+package in Bookworm:
 {%- if cve -%}
 {% for entry in cve %}
 https://security-tracker.debian.org/tracker/{{ entry }}
@@ -15,10 +15,10 @@ https://security-tracker.debian.org/tracker/{{ entry }}
 https://security-tracker.debian.org/tracker/source-package/{{ package }}
 {%- endif %}
 
-We decided that we would not prepare a bullseye security update (usually
+We decided that we would not prepare a bookworm security update (usually
 because the security impact is low and that we concentrate our limited
 resources on higher severity issues and on the most widely used packages).
-That said the bullseye users would most certainly benefit from a fixed
+That said the bookworm users would most certainly benefit from a fixed
 package.
 
 If you want to work on such an update, you're welcome to do so. Please


=====================================
templates/lts-update-planned-minor.txt
=====================================
@@ -1,10 +1,10 @@
 Content-Type: text/plain; charset=utf-8
 To: {{ to }}
 Cc: {{ cc }}
-Subject: Bullseye update of {{ package }} (minor security issues)?
+Subject: Bookworm update of {{ package }} (minor security issues)?
 
 The Debian LTS team recently reviewed the security issue(s) affecting your
-package in Bullseye:
+package in Bookworm:
 {%- if cve -%}
 {% for entry in cve %}
 https://security-tracker.debian.org/tracker/{{ entry }}
@@ -17,7 +17,7 @@ We decided that a member of the LTS team should take a look at this
 package, although the security impact of still open issues is low. When
 resources are available on our side, one of the LTS team members will
 start working on fixes for those minor security issues, as we think that
-the bullseye users would most certainly benefit from a fixed package.
+the bookworm users would most certainly benefit from a fixed package.
 
 If you'd rather want to work on such an update yourself, you're welcome
 to do so. Please send us a short notification to the debian-lts mailing


=====================================
templates/lts-update-planned.txt
=====================================
@@ -1,12 +1,12 @@
 Content-Type: text/plain; charset=utf-8
 To: {{ to }}
 Cc: {{ cc }}
-Subject: Bullseye update of {{ package }}?
+Subject: Bookworm update of {{ package }}?
 
 Dear maintainer(s),
 
 The Debian LTS team would like to fix the security issues which are
-currently open in the Bullseye version of {{ package }}:
+currently open in the Bookworm version of {{ package }}:
 {%- if cve -%}
 {% for entry in cve %}
 https://security-tracker.debian.org/tracker/{{ entry }}



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/99cb9408bff9437812a65ac786272facc0c009cf...f6d21e2f16b5dd8c53e69654de412e68ea9bfbcd

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/99cb9408bff9437812a65ac786272facc0c009cf...f6d21e2f16b5dd8c53e69654de412e68ea9bfbcd
You're receiving this email because of your account on salsa.debian.org. Manage all notifications: https://salsa.debian.org/-/profile/notifications | Help: https://salsa.debian.org/help


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260611/22de4151/attachment-0001.htm>
