Your message dated Sat, 18 Jul 2020 13:07:00 +0100
with message-id
<b8d89cdfeeda7b6d1ef96a8706a20f9525c2151b.ca...@adam-barratt.org.uk>
and subject line Closing requests for fixes included in 9.13 point release
has caused the Debian Bug report #964813,
regarding stretch-pu: package debian-security-support/2020.06.21~deb9u1
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
964813: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=964813
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
Tags: stretch
User: [email protected]
Usertags: pu
hi,
I'd like to update debian-security-support in stretch to 2020.06.21~deb9u1
with the following changes to document the state of security support today:
$ debdiff debian-security-support_2019.12.12~deb9u2.dsc
debian-security-support_2020.06.21~deb9u1.dsc | diffstat
debian/changelog | 38 ++++++++++++++++++++++++++++++++++++++
security-support-ended.deb10 | 1 +
security-support-ended.deb8 | 16 ++++++++++++++++
security-support-ended.deb9 | 8 +++++++-
security-support-limited | 3 ++-
5 files changed, 64 insertions(+), 2 deletions(-)
$ debdiff debian-security-support_2019.12.12~deb9u2.dsc
debian-security-support_2020.06.21~deb9u1.dsc
dpkg-source: Warnung: unsigniertes Quellpaket wird extrahiert
(/home/user/Projects/debian-security-support/debian-security-support_2020.06.21~deb9u1.dsc)
diff -Nru debian-security-support-2019.12.12~deb9u2/debian/changelog
debian-security-support-2020.06.21~deb9u1/debian/changelog
--- debian-security-support-2019.12.12~deb9u2/debian/changelog 2020-01-30
22:04:07.000000000 +0100
+++ debian-security-support-2020.06.21~deb9u1/debian/changelog 2020-07-10
19:58:12.000000000 +0200
@@ -1,3 +1,41 @@
+debian-security-support (2020.06.21~deb9u1) stretch; urgency=medium
+
+ * This update for stretch only contains changes to the files
+ security-support-limited and security-support-ended.deb(8|9|10) from
+ version 2020.06.21 from unstable, the changes in detail are:
+ - from 2020.06.21:
+ * Add cinder (OpenStack component) to security-support-ended.deb8.
+ - from 2020.06.11:
+ * Also add unbound to security-support-ended.deb8 - see DSA 4694-1
+ and https://lists.debian.org/debian-lts/2020/06/msg00024.html and
+ follow-ups.
+ - from 2020.06.09:
+ * Add unbound to security-support-ended.deb9 (see DSA 4694-1).
+ - from 2020.05.22:
+ * Add pdns-recursor to security-support-ended.deb9 as explained in
+ DSA-4691-1.
+ - from 2020.05.08:
+ * Mark OpenStack packages as being unsupported in LTS; "jessie lost
support
+ from upstream just a few weeks after the release."
+ - from 2020.04.16:
+ * Add tor to security-support-ended.deb8 as well, see DSA 4644-1.
+ * Add libperlspeak-perl to security-support-ended.deb(8|9|10), because of
+ CVE-2020-10674 (#954238), also see #954297, #954298 and #954299.
+ - from 2020.03.22:
+ * Add tor to security-support-ended.deb9, see DSA 4644-1.
+ - from 2020.03.15:
+ * security-support-limited/zoneminder: declare limited support behind an
+ authenticated HTTP zone (see #922724).
+ - from 2020.03.05:
+ * Add xen to security-support-ended.deb8.
+ - from 2020.02.21:
+ * Add nodejs to security-support-ended.deb8 and .deb9.
+ - from 2020.01.21:
+ * Add nethack to security-support-ended.deb8.
+ * Mark xen as end-of-life for Stretch (DSA 4602-1).
+
+ -- Holger Levsen <[email protected]> Fri, 10 Jul 2020 19:58:12 +0200
+
debian-security-support (2019.12.12~deb9u2) stretch-security; urgency=medium
* Rebuild for stretch-security.
diff -Nru
debian-security-support-2019.12.12~deb9u2/security-support-ended.deb10
debian-security-support-2020.06.21~deb9u1/security-support-ended.deb10
--- debian-security-support-2019.12.12~deb9u2/security-support-ended.deb10
2020-01-30 20:57:55.000000000 +0100
+++ debian-security-support-2020.06.21~deb9u1/security-support-ended.deb10
2020-07-10 19:46:36.000000000 +0200
@@ -11,3 +11,4 @@
# In the program's output, this is prefixed with "Details:"
# none yet (please remove this line once this is not true anymore)
+libperlspeak-perl 2.01-2 2020-04-16
https://bugs.debian.org/954238 (CVE-2020-10674) and
https://bugs.debian.org/954297 and 954298
diff -Nru debian-security-support-2019.12.12~deb9u2/security-support-ended.deb8
debian-security-support-2020.06.21~deb9u1/security-support-ended.deb8
--- debian-security-support-2019.12.12~deb9u2/security-support-ended.deb8
2020-01-30 22:04:07.000000000 +0100
+++ debian-security-support-2020.06.21~deb9u1/security-support-ended.deb8
2020-07-10 19:46:36.000000000 +0200
@@ -32,3 +32,19 @@
nasm-mozilla 0 2019-01-01 Only provided as
build dependency for Firefox/Thunderbird >= 68
nodejs-mozilla 0 2019-01-01 Only provided as
build dependency for Firefox/Thunderbird >= 68
libqb 0.11.1-2 2019-11-15 Leaf package, no
upstream support for this version
+nethack 3.4.3-15 2019-12-30
https://lists.debian.org/debian-lts/2019/12/msg00062.html
+nodejs 0.10.29~dfsg-2 2020-02-20
https://lists.debian.org/debian-lts/2020/02/msg00045.html and
https://bugs.debian.org/931376
+xen 4.4.4lts5-0+deb8u1 2020-03-02
https://lists.debian.org/debian-lts/2020/03/msg00020.html
+tor 0.2.5.16-1 2020-03-20
https://lists.debian.org/debian-security-announce/2020/msg00047.html
+libperlspeak-perl 2.01-2 2020-04-16
https://bugs.debian.org/954238 (CVE-2020-10674) and
https://bugs.debian.org/954297
+# Openstack support dropped
+cinder 2014.1.3-11+deb8u1 2020-06-19 "Jessie lost
support fom upstream just a few weeks after the release."
(https://lists.debian.org/debian-lts/2015/11/msg00024.html)
+glance 2014.1.3-12+deb8u1 2020-05-08 "Jessie lost
support fom upstream just a few weeks after the release."
(https://lists.debian.org/debian-lts/2015/11/msg00024.html)
+horizon 2014.1.3-7+deb8u2 2020-05-08 "Jessie lost
support fom upstream just a few weeks after the release."
(https://lists.debian.org/debian-lts/2015/11/msg00024.html)
+keystone 2014.1.3-6 2020-05-08 "Jessie lost
support fom upstream just a few weeks after the release."
(https://lists.debian.org/debian-lts/2015/11/msg00024.html)
+nova 2014.1.3-11 2020-05-08 "Jessie lost
support fom upstream just a few weeks after the release."
(https://lists.debian.org/debian-lts/2015/11/msg00024.html)
+python-keystoneclient 1:0.10.1-2+deb8u1 2020-05-08 "Jessie lost
support fom upstream just a few weeks after the release."
(https://lists.debian.org/debian-lts/2015/11/msg00024.html)
+python-novaclient 2:2.18.1-1 2020-05-08 "Jessie lost
support fom upstream just a few weeks after the release."
(https://lists.debian.org/debian-lts/2015/11/msg00024.html)
+swift 2.2.0-1+deb8u1 2020-05-08 "Jessie lost
support fom upstream just a few weeks after the release."
(https://lists.debian.org/debian-lts/2015/11/msg00024.html)
+# End Openstack support dropped
+unbound 1.4.22-3+deb8u4 2020-06-11
https://lists.debian.org/debian-lts/2020/06/msg00024.html and followups /
DSA-4694-1
diff -Nru debian-security-support-2019.12.12~deb9u2/security-support-ended.deb9
debian-security-support-2020.06.21~deb9u1/security-support-ended.deb9
--- debian-security-support-2019.12.12~deb9u2/security-support-ended.deb9
2020-01-30 22:04:07.000000000 +0100
+++ debian-security-support-2020.06.21~deb9u1/security-support-ended.deb9
2020-07-10 19:46:36.000000000 +0200
@@ -14,4 +14,10 @@
jasperreports 4.1.3+dfsg-3 2017-12-09
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=880467#10
nasm-mozilla 0 2019-01-01 Only provided as
build dependency for Firefox/Thunderbird >= 68
nodejs-mozilla 0 2019-01-01 Only provided as
build dependency for Firefox/Thunderbird >= 68
-chromium 73.0.3683.75-1~deb9u1 2019-11-10
https://lists.debian.org/debian-security-announce/2019/msg00214.html
+chromium 73.0.3683.75-1~deb9u1 2019-11-10
https://lists.debian.org/debian-security-announce/2019/msg00214.html
+xen 4.8.5.final+shim4.10.4-1+deb9u12 2020-01-13
https://lists.debian.org/debian-security-announce/2020/msg00005.html
+nodejs 0.10.29~dfsg-2 2020-02-20
https://lists.debian.org/debian-lts/2020/02/msg00045.html and
https://bugs.debian.org/931376
+tor 0.2.9.16-1 2020-03-20
https://lists.debian.org/debian-security-announce/2020/msg00047.html
+libperlspeak-perl 2.01-2 2020-04-16
https://bugs.debian.org/954238 (CVE-2020-10674) and
https://bugs.debian.org/954297 and 954299
+pdns-recursor 4.0.4-1+deb9u4 2020-05-21
https://www.debian.org/security/2020/dsa-4691
+unbound 1.6.0-3+deb9u2 2020-05-26
https://lists.debian.org/debian-security-announce/2020/msg00098.html
diff -Nru debian-security-support-2019.12.12~deb9u2/security-support-limited
debian-security-support-2020.06.21~deb9u1/security-support-limited
--- debian-security-support-2019.12.12~deb9u2/security-support-limited
2020-01-30 22:04:07.000000000 +0100
+++ debian-security-support-2020.06.21~deb9u1/security-support-limited
2020-07-10 19:46:36.000000000 +0200
@@ -7,7 +7,7 @@
# In the program's output, this is prefixed with "Details:"
adns Stub resolver that should only be used with trusted recursors
-binutils Not covered by security support
+binutils Only suitable for trusted content; see
https://lists.debian.org/msgid-search/[email protected]
ganglia See README.Debian.security, only supported behind an
authenticated HTTP zone, #702775
ganglia-web See README.Debian.security, only supported behind an
authenticated HTTP zone, #702776
glpi Only supported behind an authenticated HTTP zone for trusted
users
@@ -28,3 +28,4 @@
webkitgtk No security support upstream and backports not feasible, only
for use on trusted content
wine-gecko-2.21 Not covered by security support, see
https://bugs.debian.org/804058
wine-gecko-2.24 Not covered by security support, see
https://bugs.debian.org/804058
+zoneminder See README.Debian.security, only supported behind an
authenticated HTTP zone, #922724
Thanks for the work on point releases!
--
cheers,
Holger
-------------------------------------------------------------------------------
holger@(debian|reproducible-builds|layer-acht).org
PGP fingerprint: B8BF 5413 7B09 D35C F026 FE9D 091A B856 069A AA1C
In Europe there are people prosecuted by courts because they saved other people
from drowning in the Mediterranean Sea. That is almost as absurd as if there
were people being prosecuted because they save humans from drowning in the sea.
signature.asc
Description: PGP signature
--- End Message ---
--- Begin Message ---
Package: release.debian.org
Version: 9.13
Hi,
All of these requests relate to updates that were included in today's
stretch point release.
Regards,
Adam
--- End Message ---
