Roberto C. Sánchez pushed to branch master at Debian Security Tracker / security-tracker
Commits: f0d3b16a by Roberto C. Sánchez at 2025-11-03T10:38:02-05:00 semi-automatic unclaim after 2 weeks of inactivity Signed-off-by: Roberto C. Sánchez <[email protected]> - - - - - 1 changed file: - data/dla-needed.txt Changes: ===================================== data/dla-needed.txt ===================================== @@ -85,14 +85,14 @@ epiphany-browser NOTE: 20250429: Changes the UI to prompt when opening URLs in external applications. (lamby) NOTE: 20250606: mark as ignored/end-of-life if webkit2gtk doesn't get updated (pochu) -- -erlang (jspricke) +erlang NOTE: 20250710: Added by Front-Desk (apo) NOTE: 20250719: SPU in progress https://bugs.debian.org/1105009 (Beuc/front-desk) NOTE: 20251016: Pinged the maintainer about SPU and proposed LTS patch: NOTE: 20251016: https://salsa.debian.org/erlang-team/packages/erlang/-/merge_requests/3 NOTE: 20251016: ssh related CVE patches seems too invasive to backport (jspricke) -- -expat (guilhem) +expat NOTE: 20250922: Added by Front-Desk (ta) NOTE: 20251020: In progress, the fix for CVE-2025-59375 is very intrusive and NOTE: 20251020: triaging it like CVE-2024-28757 might make sense (guilhem) @@ -171,7 +171,7 @@ icingaweb2 NOTE: 20250603: I also saw in the release log that multiple issues were fixed without mentioning any CVE (dleidert) NOTE: 20250603: upstream should be asked about the patches for CVE 2025-* (dleidert) -- -jackson-core (eamanu) +jackson-core NOTE: 20250707: Added by Front-Desk (apo) NOTE: 20251016: A single patch is not possible to apply to fix the CVE. I'm working on backporting more than one. -- @@ -218,7 +218,7 @@ libxmltok NOTE: 20250421: Fixing the expat copy in xmlrpc-c at the same time would make sense. (bunk) NOTE: 20250505: WIP there are lots of CVEs to review (ta) -- -libxslt (guilhem) +libxslt NOTE: 20250930: Added by Front-Desk (rouca) NOTE: 20251020: In progress, waiting for upstream action (guilhem) -- @@ -308,7 +308,7 @@ pure-ftpd (santiago) NOTE: 20251031: Added by coordinator (santiago) NOTE: 20251031: Added to fix CVE-2021-40524, sync'ing with buster (santiago) -- -pytorch (dleidert) +pytorch NOTE: 20250422: Added by Front-Desk (rouca) NOTE: 20250422: CVE-2025-32434 RCE need to be fixed. DoS may be postponed (rouca/FD) NOTE: 20251020: wip (dleidert) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f0d3b16a7e9163a095c0e2883b73cb4cfa11c859 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f0d3b16a7e9163a095c0e2883b73cb4cfa11c859 You're receiving this email because of your account on salsa.debian.org.
_______________________________________________ debian-security-tracker-commits mailing list [email protected] https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
