Jeremiah C. Foster pushed to branch master at Debian Security Tracker / security-tracker
Commits: 63d58345 by Jeremiah C. Foster at 2022-05-16T22:26:44-04:00 semi-automatic unclaim after 2 weeks of inactivity Signed-off-by: Jeremiah C. Foster <[email protected]> - - - - - 1 changed file: - data/dla-needed.txt Changes: ===================================== data/dla-needed.txt ===================================== @@ -33,7 +33,7 @@ asterisk (Abhijith PA) cgal NOTE: 20220421: many no-dsa issues, please check, whether it is possible to fix them without uploading a new upstream release (Anton) -- -ckeditor (Sylvain Beucler) +ckeditor NOTE: 20220402: multiple pendings vulnerabilities (Beuc) -- clamav (Emilio) @@ -62,7 +62,7 @@ gerbv golang-go.crypto NOTE: 20220331: rebuild reverse-dependencies if needed, e.g. DLA-2402-1 -> DLA-2453-1/DLA-2454-1/DLA-2455-1; also check buster status (Beuc) -- -gpac (Roberto C. Sánchez) +gpac NOTE: 20211101: coordinating with secteam for s-p-u since stretch/buster versions match (roberto) NOTE: 20211120: received OK from secteam for buster update, working on stretch/buster in parallel (roberto) NOTE: 20211228: Returning to active work on this now that llvm/rustc update is complete (roberto) @@ -70,7 +70,7 @@ gpac (Roberto C. Sánchez) NOTE: 20220413: New CVEs continue flooding in (roberto) NOTE: 20220427: Preparing to work with security team to declare EOL (roberto) -- -icingaweb2 (Abhijith PA) +icingaweb2 NOTE: https://people.debian.org/~abhijith/upload/mruby/icingaweb2_2.4.1-1+deb9u2.dsc (abhijith) -- intel-microcode (Stefano Rivera) @@ -86,7 +86,7 @@ liblouis NOTE: 20220503: CVE-2022-26981 patch applied in salsa lts-team repo, NOTE: 20220503: Patch not applied upstream yet. -- -libpgjava (Markus Koschany) +libpgjava -- libvirt (Thorsten Alteholz) NOTE: 20220508: testing package @@ -177,7 +177,7 @@ sox NOTE: 20220326: https://salsa.debian.org/lts-team/packages/sox NOTE: 20220326: fix for CVE-2021-40426 is not yet available (Anton) -- -subversion (Roberto C. Sánchez) +subversion NOTE: 20220422: Upstream's patch for CVE-2021-28544 does not cleanly apply (eg. "copyfrom_path = apr_pstrdup(...)" assignment) NOTE: 20220422: and, once applied manually, appears to break multiple and possibly unrelated parts of the testsuite. (lamby) NOTE: 20220501: Done some analysis, worked on a patch, cannot find a way to test it, mailed results to Roberto C. Sánchez (enrico) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/63d58345a20951f0419a2fbfa3617181eda0ae84 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/63d58345a20951f0419a2fbfa3617181eda0ae84 You're receiving this email because of your account on salsa.debian.org.
_______________________________________________ debian-security-tracker-commits mailing list [email protected] https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
