DSA candidates
otrs2 -- agg/stable -- cacti/stable -- cairo/stable -- ceph/stable -- exiv2/stable -- freerdp/stable -- gnutls28/stable -- icingaweb2/stable -- jackson-databind/stable -- jupyter-notebook/stable -- liblivemedia/stable -- libraw/stable -- libsolv/stable -- libthrift-java/stable -- mate-screensaver/stable -- mumble/stable -- mupdf/stable -- mxml/stable -- mysql-connector-python/stable -- nasm/stable -- netbeans/stable -- nettle/stable -- nss/stable -- open-build-service/stable -- openvswitch/stable -- paramiko/stable -- php-horde/stable -- php-horde-core/stable -- php-horde-kronolith/stable -- phpmyadmin/stable -- poppler/stable -- pyopenssl/stable -- python-numpy/stable -- qemu/stable -- qtbase-opensource-src/stable -- r-cran-readxl/stable -- radare2/stable -- rails/stable -- rdesktop/stable -- resiprocate/stable -- ruby-doorkeeper/stable -- ruby-rails-admin/stable -- ruby-rails-html-sanitizer/stable -- ruby-zip/stable -- salt/stable -- symfony/stable -- systemd/stable -- tcpreplay/stable -- tiff/stable -- tomcat8/stable -- uriparser/stable -- uw-imap/stable -- wordpress/stable -- -- The above is a list of DSA candidates based on the tracker's information. One should evaluate the candidates and either add them to dsa-needed.txt or consider tagging them no-dsa.
External check
CVE-2018-1000873: TODO: check, could affect any of the src-jackson* packages CVE-2018-20096: TODO: check CVE-2018-20097: TODO: check CVE-2018-20098: TODO: check CVE-2019-3808: RESERVED CVE-2019-3809: RESERVED CVE-2019-3810: RESERVED CVE-2019-6501: RESERVED -- The output might be a bit terse, but the above ids are known elsewhere, check the references in the tracker. The second part indicates the status of that id in the tracker at the moment the script was run.
Bug#919977: security-tracker: https://security-tracker.debian.org/tracker/data/json returns stale data
+debian-admin On Mon, Jan 21, 2019 at 02:26:16PM +0100, Julien Cristau wrote: > On Mon, Jan 21, 2019 at 09:27:19AM +0100, Philipp Hahn wrote: > > Package: security-tracker > > Severity: important > > > > Dear Maintainer, > > > > the JSON stream of the Debian Security Bug Tracker seems to report stale > > data since the beginning of January 2019: > > > > $ curl -I https://security-tracker.debian.org/tracker/data/json > > HTTP/2 200 > > date: Mon, 21 Jan 2019 08:10:06 GMT > > ... > > content-length: 19836218 > > last-modified: Wed, 02 Jan 2019 19:49:17 GMT > > expires: Wed, 02 Jan 2019 20:57:34 GMT > > > > This breaks our process to monitor the Debian Security updates by > > processing the DSAs in a machine-readable format. > > > Looks like at least one CDN node was returning stale data. I purged > /tracker/data/json and things are looking ok now. Thanks for the > report. > For the record, in case this comes back: I wasn't able to reproduce, but both Philipp and Ansgar were getting stale data with a "x-cache: UPDATING" header, from 23.111.9.35. For me from the same ip the data was recent and "x-cache: HIT". Cheers, Julien
Bug#919977: marked as done (security-tracker: https://security-tracker.debian.org/tracker/data/json returns stale data)
Your message dated Mon, 21 Jan 2019 14:26:16 +0100 with message-id <20190121132616.ga8...@tomate.cristau.org> and subject line Re: Bug#919977: security-tracker: https://security-tracker.debian.org/tracker/data/json returns stale data has caused the Debian Bug report #919977, regarding security-tracker: https://security-tracker.debian.org/tracker/data/json returns stale data to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 919977: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=919977 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Package: security-tracker Severity: important Dear Maintainer, the JSON stream of the Debian Security Bug Tracker seems to report stale data since the beginning of January 2019: $ curl -I https://security-tracker.debian.org/tracker/data/json HTTP/2 200 date: Mon, 21 Jan 2019 08:10:06 GMT ... content-length: 19836218 last-modified: Wed, 02 Jan 2019 19:49:17 GMT expires: Wed, 02 Jan 2019 20:57:34 GMT This breaks our process to monitor the Debian Security updates by processing the DSAs in a machine-readable format. Philipp -- System Information: Debian Release: 9.6 APT prefers stable-updates APT policy: (500, 'stable-updates'), (500, 'stable') Architecture: amd64 (x86_64) Kernel: Linux 4.9.0-8-amd64 (SMP w/4 CPU cores) Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8), LANGUAGE=de:en_US (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) --- End Message --- --- Begin Message --- On Mon, Jan 21, 2019 at 09:27:19AM +0100, Philipp Hahn wrote: > Package: security-tracker > Severity: important > > Dear Maintainer, > > the JSON stream of the Debian Security Bug Tracker seems to report stale > data since the beginning of January 2019: > > $ curl -I https://security-tracker.debian.org/tracker/data/json > HTTP/2 200 > date: Mon, 21 Jan 2019 08:10:06 GMT > ... > content-length: 19836218 > last-modified: Wed, 02 Jan 2019 19:49:17 GMT > expires: Wed, 02 Jan 2019 20:57:34 GMT > > This breaks our process to monitor the Debian Security updates by > processing the DSAs in a machine-readable format. > Looks like at least one CDN node was returning stale data. I purged /tracker/data/json and things are looking ok now. Thanks for the report. Cheers, Julien--- End Message ---
Bug#919977: security-tracker: https://security-tracker.debian.org/tracker/data/json returns stale data
Package: security-tracker Severity: important Dear Maintainer, the JSON stream of the Debian Security Bug Tracker seems to report stale data since the beginning of January 2019: $ curl -I https://security-tracker.debian.org/tracker/data/json HTTP/2 200 date: Mon, 21 Jan 2019 08:10:06 GMT ... content-length: 19836218 last-modified: Wed, 02 Jan 2019 19:49:17 GMT expires: Wed, 02 Jan 2019 20:57:34 GMT This breaks our process to monitor the Debian Security updates by processing the DSAs in a machine-readable format. Philipp -- System Information: Debian Release: 9.6 APT prefers stable-updates APT policy: (500, 'stable-updates'), (500, 'stable') Architecture: amd64 (x86_64) Kernel: Linux 4.9.0-8-amd64 (SMP w/4 CPU cores) Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8), LANGUAGE=de:en_US (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system)