Utkarsh Gupta pushed to branch master at Debian Security Tracker / security-tracker
Commits: f183d0ef by Utkarsh Gupta at 2022-05-03T18:08:55+05:30 Add notes for packages - - - - - 1 changed file: - data/dla-needed.txt Changes: ===================================== data/dla-needed.txt ===================================== @@ -42,11 +42,11 @@ composer: (Markus Koschany) NOTE: 20220424: programming language PHP NOTE: 20220424: check whether really affected (Anton) -- -debian-security-support +debian-security-support (Utkarsh) NOTE: 20220402: need to update the list of unsupported packages (Beuc) NOTE: 20220402: check debian/README.source, sync with h01ger, and announce EOL'd packages (Beuc) NOTE: 20220402: context: https://lists.debian.org/debian-lts/2022/04/msg00000.html (Beuc) - NOTE: 20220419: backport prepped, will contact Holger for more details. (utkarsh) + NOTE: 20220502: backport prepped, will contact Holger for more details. (utkarsh) -- ffmpeg (enrico) NOTE: 20220503: update to 3.2.17 (pochu) @@ -105,14 +105,17 @@ linux-4.19 (Ben Hutchings) mariadb-10.1 NOTE: 20220222: Can be risky. Please consider backporting mariadb-10.3. See discussion https://lists.debian.org/debian-lts/2022/02/msg00005.html and coordinate with maintainer (Anton) -- -mbedtls +mbedtls (Utkarsh) NOTE: 20220404: update prepared, needs testing. (utkarsh) NOTE: 20220419: waiting for a quick feedback from carnil. (utkarsh) + NOTE: 20220502: will upload with 1 fix and mark the other one + NOTE: 20220502: as no-dsa today/tomorrow. (utkarsh) -- mruby (Abhijith PA) NOTE: https://people.debian.org/~abhijith/upload/mruby/mruby_1.2.0+20161228+git30d5424a-1+deb9u1.dsc (abhijith) -- mutt (Utkarsh) + NOTE: 20220502: update prepared. smoke test pending. (utkarsh) -- nvidia-cuda-toolkit NOTE: 20220331: package is in non-free but also in packages-to-support (Beuc) @@ -140,6 +143,7 @@ ring (Abhijith PA) ruby-devise-two-factor NOTE: 20220427: Patch does not apply cleanly to LTS version, may be due to this being the result NOTE: 20220427: of an incomplete fix to CVE-2015-7225. Will require some investigation. (lamby) + NOTE: 20220502: should be marked as no-dsa; will send more details on the list. (utkarsh) -- salt -- @@ -165,10 +169,11 @@ subversion (Roberto C. Sánchez) NOTE: 20220422: and, once applied manually, appears to break multiple and possibly unrelated parts of the testsuite. (lamby) NOTE: 20220501: Done some analysis, worked on a patch, cannot find a way to test it, mailed results to Roberto C. Sánchez (enrico) -- -tiff +tiff (Utkarsh) NOTE: 20220404: jessie upload at https://salsa.debian.org/lts-team/packages/tiff. NOTE: 20220404: if that works out well, I'll roll the same for stretch. (utkarsh) NOTE: 20220419: new CVE reported; waiting to see if there are more. (utkarsh) + NOTE: 20220502: will collate the new CVEs and update the package. (utkarsh) -- twig (Markus Koschany) NOTE: 20220402: cf. DSA-5107-1; similar code in lib/Twig/Extension/Core.php (Beuc) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f183d0effce18ad962a639c9f5720227f709d326 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f183d0effce18ad962a639c9f5720227f709d326 You're receiving this email because of your account on salsa.debian.org.
_______________________________________________ debian-security-tracker-commits mailing list [email protected] https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
