Hugo Lefeuvre pushed to branch master at Debian Security Tracker / security-tracker
Commits: 03c3eede by Hugo Lefeuvre at 2019-07-21T21:30:30Z dla-needed: reclaim packages, update notes I am still working on faad2 and hdf5, still waiting for answers from upstream in both cases. My work on libsdl-image made progress, uploads will happen once I've finished testing them. I am still investigating issues in libsdl. Not sure why pound is still in dla-needed since the only issue was marked no-dsa in jessie. Planning to take a look. - - - - - 1 changed file: - data/dla-needed.txt Changes: ===================================== data/dla-needed.txt ===================================== @@ -15,10 +15,11 @@ asterisk cfengine3 (Mike Gabriel) NOTE: 20190628: likely not affected by CVE-2019-9929, but other not-yet-CVE'ed issues ahead -- -faad2 +faad2 (Hugo Lefeuvre) NOTE: 20190519: I have a few patches pending for open issues. Will be PR-ed soon. NOTE: 20190525: see https://github.com/knik0/faad2/pull/36 NOTE: 20190610: still waiting for review, currently discussing with Fabian + NOTE: 20190721: still no answer, will ping Fabian -- firefox-esr -- @@ -32,12 +33,13 @@ glib2.0 (Mike Gabriel) golang-go.crypto NOTE: 20190707: Check that an upload of this will not require reverse build-deps to also be recompiled (see previous golang uploads?). (lamby) -- -hdf5 +hdf5 (Hugo Lefeuvre) NOTE: 20190511: upstream was not aware of our undetermined issues. They have assigned NOTE: a Jira issue for this: https://jira.hdfgroup.org/browse/HDFFV-10755 (hle) NOTE: 20190610: ongoing work. Currently thinking of releasing a first DLA NOTE: fixing the first few issues with patch available, but this would logically NOTE: imply to first prepare a buster update. + NOTE: 20190721: preparing a first upload. will ping upstream as well. -- imagemagick (Mike Gabriel) -- @@ -65,15 +67,14 @@ libqb NOTE: 20190616: wherever it uses c->pid w/NAME_MAX. (lamby) NOTE: 20190619: See https://lists.debian.org/debian-lts/2019/06/msg00015.html -- -libsdl1.2 +libsdl1.2 (Hugo Lefeuvre) NOTE: see libsdl2 entry. -- libsdl2 (Hugo Lefeuvre) - NOTE: I have written patches, and they were merged by upstream a few days ago. - NOTE: upload will happen tomorrow. + NOTE: checking the two last open issues. -- -libsdl2-image - NOTE: see libsdl2 entry. +libsdl2-image (Hugo Lefeuvre) + NOTE: currently testing the update, will happen soon. -- libxslt (Markus Koschany NOTE: 20190701: the Security Team doesn't want us to mark when jessie was explicitely tested as unfixed, so writing it here (beuc) @@ -90,8 +91,10 @@ otrs2 (Abhijith PA) -- php5 -- -pound +pound (Hugo Lefeuvre) NOTE: 20190715: https://salsa.debian.org/debian/pound/blob/jessie/debian/patches/0009-CVE-2016-1071.patch + NOTE: check, not sure why this is still in dla-needed since the only issue was triaged no-dsa in + NOTE: jessie (hle) -- proftpd-dfsg (Markus Koschany) -- @@ -113,12 +116,13 @@ ruby-openid NOTE: 20190705: Pinged bug (lamby) NOTE: 20190710: I'm at a loss to how to continue persuing this issue (see https://github.com/openid/ruby-openid/issues/122) so returning to the pool. (lamby) -- -sdl-image1.2 - NOTE: see libsdl2 entry. +sdl-image1.2 (Hugo Lefeuvre) + NOTE: see libsdl2-image entry. -- slurm-llnl -- sox + NOTE: 20190721: no patch available (hle) -- sqlite3 NOTE: CVE-2019-8457: Should be ignored, based on the discussion on debian-lts: View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/03c3eedede357463700cfceba021029413b05ab4 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/03c3eedede357463700cfceba021029413b05ab4 You're receiving this email because of your account on salsa.debian.org.
_______________________________________________ debian-security-tracker-commits mailing list [email protected] https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
