author Emilio Pozuelo Monfort <pochu@debian.org> 2022-07-02 18:29:21 +0200
committer Emilio Pozuelo Monfort <pochu@debian.org> 2022-07-02 18:53:33 +0200
commit 77f06064b7881f6a54aca4d8011cfd464621a093
tree f99720c99461527cf2d3c7f4b63112d773a6440c
parent 7890eba82ad1d01bd513ee119a643d67189f46d5
lts: remove some packages from dla-needed
Now that stretch is EOL.
-rw-r--r-- data/dla-needed.txt 164
1 files changed, 0 insertions, 164 deletions
diff --git a/data/dla-needed.txt b/data/dla-needed.txt
index b39b714776..bfbdd9f975 100644
--- a/data/dla-needed.txt
+++ b/data/dla-needed.txt
@@ -13,11 +13,6 @@ To make it easier to see the entire history of an update, please append notes
rather than remove/replace existing ones.
--
-389-ds-base
- NOTE: 20220529: Programming language: Python.
- NOTE: 20220516: Source code is vulnerable to CVE-2022-0996. The package do not have a large install base so the
- NOTE: 20220516: priority of fixing is probably low.
---
amd64-microcode
NOTE: 20220529: Programming language: binary blob.
--
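Review bot: The 389-ds-base removal at the top of this hunk deletes notes from a file whose own header (the context line just above it) asks editors to append notes rather than remove or replace existing ones. The deleted note records that the source is vulnerable to CVE-2022-0996, and the commit message gives only "Now that stretch is EOL" as the reason. Suggest stating in the commit message where the unfixed status of that CVE stays recorded once this entry is gone.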
@@ -28,18 +23,6 @@ cgal
NOTE: 20220529: Programming language: C++.
NOTE: 20220421: many no-dsa issues, please check, whether it is possible to fix them without uploading a new upstream release (Anton)
--
-ckeditor
- NOTE: 20220529: Programming language: JavaScript.
- NOTE: 20220402: multiple pendings vulnerabilities (Beuc/front-desk)
- NOTE: 20220510: no rdeps, no sponsors, most CVEs require following upstream stable 4.x,
- NOTE: 20220510: considering either ignoring, or mass-bumping all dists,
- NOTE: 20220510: waiting for ckeditor_3_ discussion to close up first (Beuc)
- NOTE: 20220510: https://lists.debian.org/debian-lts/2022/05/msg00018.html
- NOTE: 20220601: ckeditor3 is now end-of-life
- NOTE: 20220601: https://salsa.debian.org/debian/debian-security-support/-/merge_requests/14
- NOTE: 20220617: contacted maintainers and secteam (Beuc)
- NOTE: 20220617: https://lists.debian.org/debian-lts/2022/06/msg00023.html
---
curl (Emilio)
NOTE: 20220529: Programming language: C.
NOTE: 20220530: update prepared, but there are test regressions, investigating (pochu)
@@ -61,46 +44,10 @@ freerdp
NOTE: 20220529: Programming language: C.
NOTE: 20220525: ~40 minor CVEs, consider coordinating with maintainer and/or secteam to do the same in freerdp2/buster (Beuc/front-desk)
--
-gerbv
- NOTE: 20220529: Programming language: C.
- NOTE: 20220321: WIP https://salsa.debian.org/lts-team/packages/gerbv (Anton)
- NOTE: 20220326: CVE-2021-40401 is fixed https://salsa.debian.org/lts-team/packages/gerbv/-/blob/debian/stretch/debian/patches/CVE-2021-40401.patch (Anton)
- NOTE: 20220326: CVE-2021-4040{0,2,3} do not have confirmed upstream fixes yet. (Anton)
---
-golang-github-hashicorp-go-getter (Thorsten Alteholz)
- NOTE: 20220529: Programming language: Go.
- NOTE: 20220528: limited golang support in stretch (cf. stretch release notes)
- NOTE: 20220528: no rdeps AFAICS so no need to rebuild other golang packages (Beuc/front-desk)
- NOTE: 20220626: testing package
---
-golang-go.crypto (Dominik George)
- NOTE: 20220529: Programming language: Go.
- NOTE: 20220331: rebuild reverse-dependencies if needed, e.g. DLA-2402-1 -> DLA-2453-1/DLA-2454-1/DLA-2455-1; also check buster status (Beuc/front-desk)
- NOTE: 20220625: Recreated Git history for previous LTS uplaod.
- NOTE: 20220625: Upstream patch is quite large; still trying to figure out how much of it is relevant. (natureshadow)
---
grunt
NOTE: 20220529: Programming language: JavaScript.
NOTE: 20220528: upcoming stable update (cf. #1010211) + 1 new CVE (Beuc/front-desk)
--
-halibut (Anton)
- NOTE: 20220528: Programming language: C.
- NOTE: 20220605: https://salsa.debian.org/lts-team/packages/halibut/ (Anton)
- NOTE: 20220605: patch is over 2600 lines long. Consider updating to the 1.3 version (Anton)
- NOTE: 20220605: Maintainer is contacted regarding this issue (Anton)
- NOTE: 20220607: Maintainer is OK with the backport. But reverse dependencies should be checked whether the new version
- NOTE: 20220607: is producing the same output. (Anton)
- NOTE: 20220620: test package is built locally. Testing (Anton)
---
-horizon
- NOTE: 20220529: Programming language: Python.
- NOTE: 20220523: Follow buster: harmonize with with DSA-4820-1 (1 CVE) (Beuc/front-desk)
- NOTE: 20220523: part of OpenStack (Beuc/front-desk)
---
-icingaweb2
- NOTE: 20220529: Programming language: PHP.
- NOTE: https://people.debian.org/~abhijith/upload/mruby/icingaweb2_2.6.2-3~bpo9+1+deb9u1.dsc (abhijith)
---
intel-microcode
NOTE: 20220529: Programming language: binary blob.
NOTE: 20220213: please recheck
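Review bot: Three of the entries removed in this hunk are claimed and show recent activity: golang-github-hashicorp-go-getter (Thorsten Alteholz, "20220626: testing package"), golang-go.crypto (Dominik George, notes dated 20220625) and halibut (Anton, "20220620: test package is built locally. Testing"). The subject line says "some packages" without giving the selection rule, while freerdp, grunt and intel-microcode stay in the same hunk. Suggest naming the criterion in the commit message and confirming with the claimants that the prepared work is intentionally being dropped.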
@@ -109,20 +56,6 @@ jupyter-notebook
NOTE: 20220529: Programming language: Python.
NOTE: 20220528: wrt CVE-2021-32798, caja is bundled (not external), cf. README.source (Beuc/front-desk)
--
-keepass2
- NOTE: 20220529: Programming language: C#
- NOTE: 20220605: no patch available yet
- NOTE: 20220624: tried to reproduce this on stretch, buster, and bullseye, and failed: details at #1008022 (enrico)
---
-kvmtool
- NOTE: 20220529: Programming language: C.
- NOTE: 20220402: stretch-specific, orphaned package (Beuc/front-desk)
- NOTE: 20220402: CVE-2021-45464 looks critical, check with upstream for acknowledgments/fixes (Beuc/front-desk)
---
-lemonldap-ng
- NOTE: 20220529: Programming language: Perl.
- NOTE: 20220523: Follow buster: harmonize with with Debian 10.4 (1 CVE) and 10.5 (regression fix) (Beuc/front-desk)
---
liblouis
NOTE: 20220529: Programming language: C.
NOTE: 20220320: no patch available yet. Reproducible memory leaks with ASAN
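Review bot: The kvmtool removal in this hunk drops the note that CVE-2021-45464 "looks critical" and that upstream was to be checked for acknowledgments or fixes, and no later note in the entry shows a result. The keepass2 entry likewise leaves its failed reproduction attempt referenced only as #1008022. Suggest adding a line to the commit message saying these were left unresolved at EOL, so the removal is not read as a fix.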
@@ -130,11 +63,6 @@ liblouis
NOTE: 20220503: CVE-2022-26981 patch applied in salsa lts-team repo,
NOTE: 20220503: Patch not applied upstream yet.
--
-libmatio (Abhijith PA)
- NOTE: 20220529: Programming language: C.
- NOTE: 20220528: lots of postponed minor vulnerabilities, no past stretch security upload, supported package (Beuc/front-desk)
- NOTE: 20220622: Continue with remaining work (abhijith)
---
libvirt
NOTE: 20220529: Programming language: C.
--
@@ -144,73 +72,15 @@ linux (Ben Hutchings)
linux-4.19 (Ben Hutchings)
NOTE: 20220529: Programming language: C.
--
-manila
- NOTE: 20220529: Programming language: Python.
- NOTE: 20220523: Follow buster: harmonize with with Debian 10.4 (1 CVE) (Beuc/front-desk)
- NOTE: 20220523: part of OpenStack (Beuc/front-desk)
---
mariadb-10.1
NOTE: 20220529: Programming language: C.
NOTE: 20220222: Can be risky. Please consider backporting mariadb-10.3. See discussion https://lists.debian.org/debian-lts/2022/02/msg00005.html and coordinate with maintainer (Anton)
--
-mbedtls
- NOTE: 20220529: Programming language: C.
- NOTE: 20220404: update prepared, needs testing. (utkarsh)
- NOTE: 20220419: waiting for a quick feedback from carnil. (utkarsh)
- NOTE: 20220502: will upload with 1 fix and mark the other one
- NOTE: 20220502: as no-dsa today/tomorrow. (utkarsh)
- NOTE: 20220516: helf off upload to see if the other one should
- NOTE: 20220516: be squeezed in. waiting on -pu. (utkarsh)
---
-modsecurity-crs (Andreas Rönnquist)
- NOTE: 20220529: Programming language: C.
- NOTE: 20220524: Follow buster: harmonize with with Debian 10.2 and 10.11 (2 CVEs) (Beuc/front-desk)
---
ncurses (Thorsten Alteholz)
NOTE: 20220529: Programming language: C.
NOTE: 20220524: Follow buster: harmonize with with Debian 10.2 (2-3 CVEs + some non-CVE'd issues) (Beuc/front-desk)
NOTE: 20220626: testing package
--
-netatalk
- NOTE: 20220616: Programming language: C.
---
-nvidia-cuda-toolkit
- NOTE: 20220529: Programming language: C.
- NOTE: 20220331: package is in non-free but also in packages-to-support (Beuc/front-desk)
---
-nvidia-graphics-drivers
- NOTE: 20220529: Programming language: binary blob.
- NOTE: 20220203: package is in non-free but also in packages-to-support (Beuc/front-desk)
- NOTE: 20220209: monitor nvidia-graphics-drivers-legacy-390xx for a potential
- NOTE: 20220209: backport (apo)
---
-ompl
- NOTE: 20220622: Programming language: C++.
- NOTE: 20220622: CVE-2021-42218 and CVE-2021-41490 are fixed in upstream git, memory leaks, unimportant
---
-openscad
- NOTE: 20220529: Programming language: C++.
- NOTE: 20220524: Follow buster: harmonize with with Debian 10.12 (1 CVE) (Beuc/front-desk)
- NOTE: 20220524: vulnerable code for CVE-2020-28599 is in src/import.cc (Beuc/front-desk)
- NOTE: 20220626: Utkarsh said, we won't fix this. Fixed packages at https://subdivi.de/~helmut/openscad_lts/
---
-pam-u2f (Andreas Rönnquist)
- NOTE: 20220529: Programming language: C.
- NOTE: 20220524: Follow buster: harmonize with with Debian 10.1 (2 CVEs + some non-CVE'd fixes) (Beuc/front-desk)
---
-pdns
- NOTE: 20220529: Programming language: C++.
- NOTE: 20220402: harmonize with buster/10.8 (Beuc/front-desk)
- NOTE: 20220506: buster patches backported in https://salsa.debian.org/enrico/pdns/-/tree/stretch
- NOTE: 20220506: and #debian-dns notified (enrico)
- NOTE: 20220506: the patch for https://security-tracker.debian.org/tracker/CVE-2022-27227
- NOTE: 20220506: would need to be completely rewritten for the stretch codebase (enrico)
- NOTE: 20220506: package builds but does not run a test suite, and I lack the
- NOTE: 20220506: know-how for testing manually (enrico)
---
-php-horde-turba
- NOTE: 20220603: Programming language: PHP.
---
postgresql-9.6 (Roberto C. Sánchez)
NOTE: 20220529: Programming language: C.
NOTE: 20220523: cf. DSA-5135-1/DSA-5136-1 (Beuc/front-desk)
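Review bot: Several entries removed in this hunk point at work that exists outside the archive: mbedtls ("update prepared, needs testing"), pdns (buster patches backported in https://salsa.debian.org/enrico/pdns/-/tree/stretch) and openscad ("Fixed packages at https://subdivi.de/~helmut/openscad_lts/"). After this commit those pointers survive only in git history. Suggest listing them in the commit message body, since the one-line explanation does not tell a later reader that prepared fixes were left unreleased.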
@@ -221,39 +91,14 @@ postgresql-9.6 (Roberto C. Sánchez)
NOTE: 20220608: Upstream recommended waiting until a reported regression has been resolved (roberto)
NOTE: 20220627: Awaiting upstream resolution of regression in original fix (roberto)
--
-puppet-module-puppetlabs-firewall
- NOTE: 20220529: Programming language: Ruby.
- NOTE: 20220402: no Debian maintainers activity since 2018 (Beuc/front-desk)
---
qemu (Abhijith PA)
NOTE: 20220529: Programming language: C.
NOTE: 20220527: a few new CVEs since last DLA, and buster got no updates since 2 years,
NOTE: 20220527: so maybe coordinate to start anticipating the next LTS (Beuc/front-desk)
--
-ring
- NOTE: 20220529: Programming language: C++.
- NOTE: 20220314: https://people.debian.org/~abhijith/upload/vda/ring_20161221.2.7bd7d91~dfsg1-1+deb9u2.dsc
- NOTE: 20220404: package in archive is faulty. New regs can't be done due (abhijith)
- NOTE: 20220404: a network error (abhijith)
- NOTE: 20220506: Pinged maintainer team and maintainer (abhijith)
- NOTE: 20220526: Re pinged Debian maintainer and Pinged upstream for help. (abhijith)
---
-ros-ros-comm
- NOTE: 20220529: Programming language: Python.
- NOTE: 20220524: Follow buster: harmonize with with Debian 10.7 and 10.12 (2 CVEs) (Beuc/front-desk)
---
-ruby-devise-two-factor
- NOTE: 20220529: Programming language: Ruby.
- NOTE: 20220427: Patch does not apply cleanly to LTS version, may be due to this being the result
- NOTE: 20220427: of an incomplete fix to CVE-2015-7225. Will require some investigation. (lamby)
- NOTE: 20220502: should be marked as no-dsa; will send more details on the list. (utkarsh)
---
rustc (Emilio)
NOTE: 20220614: backporting toolchain (rust, llvm...) for Firefox 102 ESR (pochu)
--
-salt
- NOTE: 20220529: Programming language: Python.
---
samba
NOTE: 20220529: Programming language: C.
NOTE: 20211128: WIP https://salsa.debian.org/lts-team/packages/samba/
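Review bot: The ruby-devise-two-factor entry removed in this hunk ends with "should be marked as no-dsa; will send more details on the list", and the diffstat shows this commit touching only data/dla-needed.txt, so that triage decision is not recorded by this change. Suggest confirming that the no-dsa marking exists before the entry is dropped, or adding it alongside the removal.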
@@ -261,10 +106,6 @@ samba
NOTE: 20220110: fix applied, but will need a second opinion. (utkarsh)
NOTE: 20220125: ftbfs, wip. (utkarsh)
--
-slurm-llnl
- NOTE: 20220529: Programming language: C.
- NOTE: 20220516: Checking the code it looks like the patches will apply so the code is clearly vulnerable.
---
snapd
NOTE: 20220529: Programming language: Go.
NOTE: 20220308: seems vulnerable at least to setup_private_mount,
@@ -277,11 +118,6 @@ sox
NOTE: 20220326: fix for CVE-2021-40426 is not yet available (Anton)
NOTE: 20220628: opened https://sourceforge.net/p/sox/bugs/362/ to track progress upstream (enrico)
--
-spip
- NOTE: 20220529: Programming language: PHP.
---
-thunderbird (Emilio)
---
tiff
NOTE: 20220529: Programming language: C.
NOTE: 20220404: jessie upload at https://salsa.debian.org/lts-team/packages/tiff.
