Hello, I pushed some updates to the git repository of debian-security-support basically updating the status of virtualbox-ose in squeeze but also handling some open bugs that various maintainers filed about their own package (cf patches in attachment).
Are the changes OK for the security team and can I upload the package to unstable? (And then backport to squeeze) Do we have an official vetting process for those kind of maintainer requests? Shall there be announces for all packages which are not security supported? Most of those that I added are in stable releases: xbmc, qtwebkit-opensource-src, wine-gecko-2.21. Cheers, -- Raphaël Hertzog ◈ Writer/Consultant ◈ Debian Developer Discover the Debian Administrator's Handbook: → http://debian-handbook.info/get/
>From a6fb8c683ae484e0808a83b528d4841eb79793b0 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Rapha=C3=ABl=20Hertzog?= <[email protected]> Date: Fri, 18 Dec 2015 11:19:38 +0100 Subject: [PATCH 1/4] Mark wine-gecko-2.21 and wine-gecko-2.24 as unsupported in all releases Closes: #804058 --- debian/changelog | 5 +++++ security-support-limited | 2 ++ 2 files changed, 7 insertions(+) diff --git a/debian/changelog b/debian/changelog index 5909096..1edec01 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,8 +1,13 @@ debian-security-support (2015.08.13) UNRELEASED; urgency=medium + [ Salvatore Bonaccorso ] * Mark typo3-src as unsupported in Wheezy. Thanks to Holger Levsen <[email protected]> (Closes: #793454) + [ Raphaël Hertzog ] + * Mark wine-gecko-2.21 and wine-gecko-2.24 as unsupported in all + releases. Closes: #804058 + -- Salvatore Bonaccorso <[email protected]> Thu, 13 Aug 2015 21:45:20 +0200 debian-security-support (2015.07.11) unstable; urgency=medium diff --git a/security-support-limited b/security-support-limited index 03d7a01..94a2fa5 100644 --- a/security-support-limited +++ b/security-support-limited @@ -22,5 +22,7 @@ pidgin Support in squeeze is limited to IRC, Jabber/XMPP, Sametime and qtwebkit No security support upstream and backports not feasible, only for use on trusted content sql-ledger Only supported behind an authenticated HTTP zone webkitgtk No security support upstream and backports not feasible, only for use on trusted content +wine-gecko-2.21 Not covered by security support, see https://bugs.debian.org/804058 +wine-gecko-2.24 Not covered by security support, see https://bugs.debian.org/804058 xulrunner Xulrunner was added in Wheezy 7.8 to fix build failures since Iceweasel 31 no longer provides a Xul lib. It's not covered by security support -- 2.6.4
>From 093ac4b7f850180af9a196ee12948206ba4739fc Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Rapha=C3=ABl=20Hertzog?= <[email protected]> Date: Fri, 18 Dec 2015 11:22:11 +0100 Subject: [PATCH 2/4] Mark virtualbox-ose as unsupported in Squeeze (cf DLA 372-1). --- debian/changelog | 1 + security-support-ended.deb6 | 1 + 2 files changed, 2 insertions(+) diff --git a/debian/changelog b/debian/changelog index 1edec01..1a33997 100644 --- a/debian/changelog +++ b/debian/changelog @@ -7,6 +7,7 @@ debian-security-support (2015.08.13) UNRELEASED; urgency=medium [ Raphaël Hertzog ] * Mark wine-gecko-2.21 and wine-gecko-2.24 as unsupported in all releases. Closes: #804058 + * Mark virtualbox-ose as unsupported in Squeeze (cf DLA 372-1). -- Salvatore Bonaccorso <[email protected]> Thu, 13 Aug 2015 21:45:20 +0200 diff --git a/security-support-ended.deb6 b/security-support-ended.deb6 index bafae6d..834fa24 100644 --- a/security-support-ended.deb6 +++ b/security-support-ended.deb6 @@ -46,6 +46,7 @@ spip 2.1.1-3squeeze7 2014-05-31 Not supported in squeeze LTS textpattern 4.2.0-2 2014-12-13 https://lists.debian.org/debian-lts/2014/12/msg00009.html turba2 2.3.4+debian0-1 2014-05-31 Not supported in squeeze LTS typo3-src 4.3.9+dfsg1-1+squeeze9 2014-05-31 Not supported in squeeze LTS +virtualbox-ose 3.2.28-dfsg-1+squeeze1 2015-12-18 https://lists.debian.org/debian-lts-announce/2015/12/msg00014.html vlc 1.1.3-1squeeze6 2014-05-31 Not supported in squeeze LTS wireshark 1.2.11-6+squeeze15 2014-12-31 Not supported in squeeze LTS for analysis of untrusted traffic xen 4.0.1-5.11 2014-05-31 Not supported in squeeze LTS -- 2.6.4
>From 35e3bf6d523a267ed484fb489ad0dc4f43ade39e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Rapha=C3=ABl=20Hertzog?= <[email protected]> Date: Fri, 18 Dec 2015 11:34:15 +0100 Subject: [PATCH 3/4] Mark xbmc and kodi as unsupported in all releases Closes: #791867 --- debian/changelog | 1 + security-support-limited | 2 ++ 2 files changed, 3 insertions(+) diff --git a/debian/changelog b/debian/changelog index 1a33997..3cd161e 100644 --- a/debian/changelog +++ b/debian/changelog @@ -8,6 +8,7 @@ debian-security-support (2015.08.13) UNRELEASED; urgency=medium * Mark wine-gecko-2.21 and wine-gecko-2.24 as unsupported in all releases. Closes: #804058 * Mark virtualbox-ose as unsupported in Squeeze (cf DLA 372-1). + * Mark xbmc and kodi as unsupported in all releases. Closes: #791867 -- Salvatore Bonaccorso <[email protected]> Thu, 13 Aug 2015 21:45:20 +0200 diff --git a/security-support-limited b/security-support-limited index 94a2fa5..564dba4 100644 --- a/security-support-limited +++ b/security-support-limited @@ -12,6 +12,7 @@ ganglia See README.Debian.security, only supported behind an authenticat ganglia-web See README.Debian.security, only supported behind an authenticated HTTP zone, #702776 glpi Only supported behind an authenticated HTTP zone for trusted users kde4libs khtml has no security support upstream, only for use on trusted content +kodi No security support upstream, you must always use the latest version. See https://bugs.debian.org/791867 libv8-3.14 Not covered by security support, only suitable for trusted content ltp Pure Testsuite, only supported on non-production non-multiuser systems mozjs Not covered by security support, only suitable for trusted content @@ -24,5 +25,6 @@ sql-ledger Only supported behind an authenticated HTTP zone webkitgtk No security support upstream and backports not feasible, only for use on trusted content wine-gecko-2.21 Not covered by security support, see https://bugs.debian.org/804058 wine-gecko-2.24 Not covered by security support, see https://bugs.debian.org/804058 +xbmc No security support upstream, you must always use the latest version. See https://bugs.debian.org/791867 xulrunner Xulrunner was added in Wheezy 7.8 to fix build failures since Iceweasel 31 no longer provides a Xul lib. It's not covered by security support -- 2.6.4
>From d4cc493d3132b7fe032081c7355c6bdd8eea803c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Rapha=C3=ABl=20Hertzog?= <[email protected]> Date: Fri, 18 Dec 2015 11:42:16 +0100 Subject: [PATCH 4/4] Mark qtwebkit-opensource-src as unsupported in all releases. Closes: #799189 --- debian/changelog | 2 ++ security-support-limited | 1 + 2 files changed, 3 insertions(+) diff --git a/debian/changelog b/debian/changelog index 3cd161e..9327732 100644 --- a/debian/changelog +++ b/debian/changelog @@ -9,6 +9,8 @@ debian-security-support (2015.08.13) UNRELEASED; urgency=medium releases. Closes: #804058 * Mark virtualbox-ose as unsupported in Squeeze (cf DLA 372-1). * Mark xbmc and kodi as unsupported in all releases. Closes: #791867 + * Mark qtwebkit-opensource-src as unsupported in all releases. + Closes: #799189 -- Salvatore Bonaccorso <[email protected]> Thu, 13 Aug 2015 21:45:20 +0200 diff --git a/security-support-limited b/security-support-limited index 564dba4..3fafd54 100644 --- a/security-support-limited +++ b/security-support-limited @@ -21,6 +21,7 @@ mozjs24 Not covered by security support, only suitable for trusted conte ocsinventory-server Only supported behind an authenticated HTTP zone pidgin Support in squeeze is limited to IRC, Jabber/XMPP, Sametime and SIMPLE qtwebkit No security support upstream and backports not feasible, only for use on trusted content +qtwebkit-opensource-src No security support upstream and backports not feasible, only for use on trusted content sql-ledger Only supported behind an authenticated HTTP zone webkitgtk No security support upstream and backports not feasible, only for use on trusted content wine-gecko-2.21 Not covered by security support, see https://bugs.debian.org/804058 -- 2.6.4
