diff options
author | Emilio Pozuelo Monfort <pochu@debian.org> | 2022-07-02 18:50:50 +0200 |
---|---|---|
committer | Emilio Pozuelo Monfort <pochu@debian.org> | 2022-07-02 18:54:14 +0200 |
commit | b47632f7a575294671681acf6b621a1dbdcde7e7 (patch) | |
tree | 479af3c89876b3db11739370345443cccfdd31c8 | |
parent | 77f06064b7881f6a54aca4d8011cfd464621a093 (diff) |
lts: remove more packages from dla-needed
-rw-r--r-- | data/dla-needed.txt | 115 |
1 files changed, 0 insertions, 115 deletions
diff --git a/data/dla-needed.txt b/data/dla-needed.txt index bfbdd9f975..ee1238235b 100644 --- a/data/dla-needed.txt +++ b/data/dla-needed.txt @@ -13,123 +13,8 @@ To make it easier to see the entire history of an update, please append notes rather than remove/replace existing ones. -- -amd64-microcode - NOTE: 20220529: Programming language: binary blob. --- -apache2 (Roberto C. Sánchez) - NOTE: 20220618: Programming language: C. --- -cgal - NOTE: 20220529: Programming language: C++. - NOTE: 20220421: many no-dsa issues, please check, whether it is possible to fix them without uploading a new upstream release (Anton) --- -curl (Emilio) - NOTE: 20220529: Programming language: C. - NOTE: 20220530: update prepared, but there are test regressions, investigating (pochu) - NOTE: 20220615: made some progress on the test regressions, some are due to flaky tests apparently, - NOTE: 20220615: but at least one seems to be caused by one of the fixes (pochu) --- -exempi - NOTE: 20220529: Programming language: C++. - NOTE: 20220517: A lot of packages reverse depends on libexmpi8. Further analysis - NOTE: 20220517: is needed. --- -firmware-nonfree - NOTE: 20220529: Programming language: binary blob. - NOTE: 20210731: WIP: https://salsa.debian.org/lts-team/packages/firmware-nonfree - NOTE: 20210828: Most CVEs are difficult to backport. Contacted Ben regarding possible "ignore" tag - NOTE: 20211207: Intend to release this week. --- -freerdp - NOTE: 20220529: Programming language: C. - NOTE: 20220525: ~40 minor CVEs, consider coordinating with maintainer and/or secteam to do the same in freerdp2/buster (Beuc/front-desk) --- -grunt - NOTE: 20220529: Programming language: JavaScript. - NOTE: 20220528: upcoming stable update (cf. #1010211) + 1 new CVE (Beuc/front-desk) --- -intel-microcode - NOTE: 20220529: Programming language: binary blob. - NOTE: 20220213: please recheck --- -jupyter-notebook - NOTE: 20220529: Programming language: Python. - NOTE: 20220528: wrt CVE-2021-32798, caja is bundled (not external), cf. README.source (Beuc/front-desk) --- -liblouis - NOTE: 20220529: Programming language: C. - NOTE: 20220320: no patch available yet. Reproducible memory leaks with ASAN - NOTE: 20220320: and POC. Consider fixing CVE-2018-17294 too. - NOTE: 20220503: CVE-2022-26981 patch applied in salsa lts-team repo, - NOTE: 20220503: Patch not applied upstream yet. --- -libvirt - NOTE: 20220529: Programming language: C. --- linux (Ben Hutchings) - NOTE: 20220529: Programming language: C. --- -linux-4.19 (Ben Hutchings) - NOTE: 20220529: Programming language: C. --- -mariadb-10.1 - NOTE: 20220529: Programming language: C. - NOTE: 20220222: Can be risky. Please consider backporting mariadb-10.3. See discussion https://lists.debian.org/debian-lts/2022/02/msg00005.html and coordinate with maintainer (Anton) --- -ncurses (Thorsten Alteholz) - NOTE: 20220529: Programming language: C. - NOTE: 20220524: Follow buster: harmonize with with Debian 10.2 (2-3 CVEs + some non-CVE'd issues) (Beuc/front-desk) - NOTE: 20220626: testing package --- -postgresql-9.6 (Roberto C. Sánchez) - NOTE: 20220529: Programming language: C. - NOTE: 20220523: cf. DSA-5135-1/DSA-5136-1 (Beuc/front-desk) - NOTE: 20220523: 9.6 is EOL'd upstream (Beuc/front-desk) - NOTE: 20220523: Christoph Berg won't handle this update (Beuc/front-desk) - NOTE: 20220523: https://lists.debian.org/debian-lts/2022/05/msg00054.html - NOTE: 20220608: Prepared backport of upstream patches and requested upstream review (roberto) - NOTE: 20220608: Upstream recommended waiting until a reported regression has been resolved (roberto) - NOTE: 20220627: Awaiting upstream resolution of regression in original fix (roberto) --- -qemu (Abhijith PA) - NOTE: 20220529: Programming language: C. - NOTE: 20220527: a few new CVEs since last DLA, and buster got no updates since 2 years, - NOTE: 20220527: so maybe coordinate to start anticipating the next LTS (Beuc/front-desk) -- rustc (Emilio) NOTE: 20220614: backporting toolchain (rust, llvm...) for Firefox 102 ESR (pochu) -- -samba - NOTE: 20220529: Programming language: C. - NOTE: 20211128: WIP https://salsa.debian.org/lts-team/packages/samba/ - NOTE: 20211212: Fix is too large, coordination with ELTS-upload (anton) - NOTE: 20220110: fix applied, but will need a second opinion. (utkarsh) - NOTE: 20220125: ftbfs, wip. (utkarsh) --- -snapd - NOTE: 20220529: Programming language: Go. - NOTE: 20220308: seems vulnerable at least to setup_private_mount, - NOTE: 20220308: but double check (pochu) --- -sox - NOTE: 20220529: Programming language: C. - NOTE: 20220326: CVE-2019-13590 is fixed in git (Anton) - NOTE: 20220326: https://salsa.debian.org/lts-team/packages/sox - NOTE: 20220326: fix for CVE-2021-40426 is not yet available (Anton) - NOTE: 20220628: opened https://sourceforge.net/p/sox/bugs/362/ to track progress upstream (enrico) --- -tiff - NOTE: 20220529: Programming language: C. - NOTE: 20220404: jessie upload at https://salsa.debian.org/lts-team/packages/tiff. - NOTE: 20220404: if that works out well, I'll roll the same for stretch. (utkarsh) - NOTE: 20220419: new CVE reported; waiting to see if there are more. (utkarsh) - NOTE: 20220502: will collate the new CVEs and update the package. (utkarsh) - NOTE: 20220513: more CVEs, ugh. Probably will consider rolling out the ones - NOTE: 20220513: that are already applied and tested and re-add tiff here. (utkarsh) --- -unzip - NOTE: 20220529: Programming language: C. - NOTE: 20220319: no patches yet but reproducible (apo) - NOTE: 20220429: CVE-2022-0530: reported #1010355 with a proposed patch (enrico) - NOTE: 20220429: CVE-2022-0529: sent a proposed patch to sanvila and team@s.d.o (enrico) --- |