How often i have to update the "debian-security-support" package?
Since wheezy went to LTS, there are serveral updates to the " security-support-ended.deb7" file (which lists the support state). On my wheezy LTS test system i have: ii debian-security-support 2015.04.04~deb7u1 with this " security-support-ended.deb7" content: iceape 2.7.12-1+alpha 2013-12-16 https://lists.debian.org/debian-security-announce/2013/msg00233.html chromium-browser 37.0.2062.120-1~deb7u1 2015-01-31 https://lists.debian.org/debian-security-announce/2015/msg00031.html ruby-actionmailer-2.3 2.3.14-3 2014-07-19 https://lists.debian.org/debian-security-announce/2014/msg00164.html ruby-actionpack-2.3 2.3.14-5 2014-07-19 https://lists.debian.org/debian-security-announce/2014/msg00164.html ruby-activerecord-2.3 2.3.14-6 2014-07-19 https://lists.debian.org/debian-security-announce/2014/msg00164.html ruby-activeresource-2.3 2.3.14-3 2014-07-19 https://lists.debian.org/debian-security-announce/2014/msg00164.html ruby-actionmailer-2.3 2.3.14-3 2014-07-19 https://lists.debian.org/debian-security-announce/2014/msg00164.html ruby-activesupport-2.3 2.3.14-7 2014-07-19 https://lists.debian.org/debian-security-announce/2014/msg00164.html ruby-rails-2.3 2.3.14-4 2014-07-19 https://lists.debian.org/debian-security-announce/2014/msg00164.html But on https://anonscm.debian.org/cgit/collab-maint/debian-security-support.git/tree/security-support-ended.deb7 There are some more packages listet: hromium-browser 37.0.2062.120-1~deb7u1 2015-01-31 https://lists.debian.org/debian-security-announce/2015/msg00031.html iceape 2.7.12-1+alpha 2013-12-16 https://lists.debian.org/debian-security-announce/2013/msg00233.html ruby-actionmailer-2.3 2.3.14-3 2014-07-19 https://lists.debian.org/debian-security-announce/2014/msg00164.html ruby-actionpack-2.3 2.3.14-5 2014-07-19 https://lists.debian.org/debian-security-announce/2014/msg00164.html ruby-activerecord-2.3 2.3.14-6 2014-07-19 https://lists.debian.org/debian-security-announce/2014/msg00164.html ruby-activeresource-2.3 2.3.14-3 2014-07-19 https://lists.debian.org/debian-security-announce/2014/msg00164.html ruby-actionmailer-2.3 2.3.14-3 2014-07-19 https://lists.debian.org/debian-security-announce/2014/msg00164.html ruby-activesupport-2.3 2.3.14-7 2014-07-19 https://lists.debian.org/debian-security-announce/2014/msg00164.html ruby-rails-2.3 2.3.14-4 2014-07-19 https://lists.debian.org/debian-security-announce/2014/msg00164.html redmine 1.4.4+dfsg1-2+deb7u1 2014-07-19 Depends on ruby-rails-2.3 which is not supported tomcat6 6.0.45+dfsg-1~deb7u1 2016-12-31 https://tomcat.apache.org/tomcat-60-eol.html typo3-src 4.5.19+dfsg1-5+wheezy4 2015-07-23 https://lists.debian.org/debian-security-announce/2015/msg00210.html virtualbox 4.1.42-dfsg-1+deb7u1 2016-01-27 https://lists.debian.org/debian-security-announce/2016/msg00024.html # Packages below are no longer supported in Wheezy during the LTS period mantis 1.2.18-1 2016-02-06 Not supported in Debian LTS (https://lists.debian.org/debian-lts/2015/11/msg00019.html) movabletype-opensource 5.1.4+dfsg-4+deb7u3 2016-02-06 Not supported in Debian LTS (http://lists.debian.org/[email protected]) openjdk-6 6b38-1.13.10-1~deb7u1 2016-04-15 Not supported in Wheezy LTS https://lists.debian.org/debian-lts/2016/02/msg00153.html openswan 1:2.6.37-3 2016-02-06 Not supported in Debian LTS (https://lists.debian.org/debian-lts/2015/11/msg00019.html) # Openstack support dropped glance 2012.1.1-5 2016-02-06 Not supported in Debian LTS (https://lists.debian.org/debian-lts/2015/11/msg00024.html) horizon 2012.1.1-10 2016-02-06 Not supported in Debian LTS (https://lists.debian.org/debian-lts/2015/11/msg00024.html) keystone 2012.1.1-13+wheezy1 2016-02-06 Not supported in Debian LTS (https://lists.debian.org/debian-lts/2015/11/msg00024.html) nova 2012.1.1-18 2016-02-06 Not supported in Debian LTS (https://lists.debian.org/debian-lts/2015/11/msg00024.html) python-keystoneclient 2012.1-3+deb7u1 2016-02-06 Not supported in Debian LTS (https://lists.debian.org/debian-lts/2015/11/msg00024.html) python-novaclient 1:2012.1-4 2016-02-06 Not supported in Debian LTS (https://lists.debian.org/debian-lts/2015/11/msg00024.html) swift 1.4.8-2+deb7u1 2016-02-06 Not supported in Debian LTS (https://lists.debian.org/debian-lts/2015/11/msg00024.html) # End Openstack support dropped In the history log of this file are changes after Wheezy went to LTS (asterix is now support, at 2016-05-04 13:47:11), but there is no newer " debian-security-support" package that include this. So how reliable is "debian-security-support" ? Reiner Schulz > -----Ursprüngliche Nachricht----- > Von: Markus Koschany [mailto:[email protected]] > Gesendet: Montag, 25. April 2016 12:25 > An: [email protected] > Betreff: [SECURITY] Security support for Wheezy handed over to the LTS team > Wichtigkeit: Hoch > > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA512 > > As of 25 April, one year after the release of Debian 8, alias "Jessie", > and nearly three years after the release of Debian 7, alias "Wheezy", > regular security support for Wheezy comes to an end. The Debian Long > Term Support (LTS) Team will take over security support. > > Information for users > ===================== > > Wheezy LTS will be supported from 26 April 2016 to 31 May 2018. > > For Debian 7 Wheezy LTS there will be no requirement to add a separate > wheezy-lts suite to your sources.list any more and your current setup > will continue to work without further changes. > > For how to use Debian Long Term Support please read > > https://wiki.debian.org/LTS/Using > > Important information and changes regarding Wheezy LTS can be found at > > https://wiki.debian.org/LTS/Wheezy > > Most notably OpenJDK 7 will be made the new Java default JRE/JDK on 26 > June 2016 to ensure full security support until Wheezy LTS reaches its > end-of-life. > > You should also subscribe to the announcement mailing list for > security updates for Wheezy LTS: > > https://lists.debian.org/debian-lts-announce/ > > A few packages are not covered by the Wheezy LTS support. These can be > detected by installing the debian-security-support package. If > debian-security-support detects an unsupported package which is critical > to you, please get in touch with [email protected]. > > > Mailing lists > ============= > > The whole coordination of the Debian LTS effort is handled through the > debian-lts mailing list: > > https://lists.debian.org/debian-lts/ > > Please subscribe or follow us via GMANE (gmane.linux.debian.devel.lts) > > Aside from the debian-lts-announce list, there is also a list for > following all uploads in Wheezy LTS: > > https://lists.debian.org/debian-lts-changes/ > > > Security Tracker > ================ > > All information on the status of vulnerabilities (e.g. if the version in > Wheezy LTS happens to be unaffected while Jessie is affected) will be > tracked in the Debian Security Tracker: > > http://security-tracker.debian.org > > If you happen to spot an error in the data, please see > > https://security-tracker.debian.org/tracker/data/report > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v2 > > iQJ8BAEBCgBmBQJXHfCLXxSAAAAAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25z > Lm9w > ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXRBQ0YzRDA4OEVGMzJFREVGNkExQ > TgzNUZE > OUFEMTRCOTUxM0I1MUU0AAoJENmtFLlRO1HkkPoQAIixNUUwDel2fCT7RTs > r8fM5 > 4ik15vXDYgqCIvfMKWNMqe1Haxway9p0pBjVWnAjeWslLp2liMKlbB/PiikpNesQ > 3e8AJvNtSsMTDG+pDBbQIPb3fjir65qcayWSclVvDuFZK6rdWkYcvqh8fRE6BZ81 > NiufvWN0o4wLZm6GiAF9PNSIeeRJCjCMUYU0Myl16jDbrfCUaQr+70UkIUp69h/ > M > nZ65vZKuXD+78CtGUfgHfrcG8lbWq/pDG98P/Pc63JNr+A6VhKrJM4ncR1lHQOf > 8 > 6fBhf9v1UfvR9pZWBakmaHnXpD6VxY44xzv+txOcuYWqxW23Mvg0OAU3KW/z > ofy7 > 3NSDEj7Kw4RoQY7NqjdhW2o01bn9QtB6VNh6qY7I8Vf4P2OqgpAYfZdvmBqdO > w6a > lWavtSr40jwRu7YryoWnIMgdrv4u3G9OTVRmyUcMruvC7EkPSfKHOByW4Ew/V > UaI > f6zc7PApotOwT+iuBWI4u/7k9I6SvBNjiS84Ph4V0y65axRm1CK/XZANCJW870DR > 6JV7atxQoXXAhP0McCoxpVBSPTQqfV+ADaStzgnQ1/Ax8KMNfAD4QcXAxcCn > DGDz > 9jUeYhdKpuKKM7dukOVsnWX+pJ9nfet2VtfRo3wO8B9Pp3L5EzpE9sLL8o/4hPG8 > OjFDxD9gween3PaSarCU > =kjwD > -----END PGP SIGNATURE-----
