summaryrefslogtreecommitdiffstats
path: root/data/dla-needed.txt
blob: fe7a69f10fe5ae0d9ee5538e09af8ba940438c2d (plain) (blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
An LTS security update is needed for the following source packages.
When you add a new entry, please keep the list alphabetically sorted.

The specific CVE IDs do not need to be listed, they can be gathered in an up-to-date manner from
https://security-tracker.debian.org/tracker/source-package/SOURCEPACKAGE
when working on an update.

To work on a package, simply add your name behind it. To learn more about how
this list is updated have a look at
https://wiki.debian.org/LTS/Development#Triage_new_security_issues

To make it easier to see the entire history of an update, please append notes
rather than remove/replace existing ones.

NOTE: IMPORTANT: during 2022-08, make sure you do NOT conflict with a
NOTE: IMPORTANT: prepared upload for buster's last point release, see:
NOTE: IMPORTANT: https://bugs.debian.org/cgi-bin/pkgreport.cgi?users=release.debian.org@packages.debian.org;tag=pu

--
apache2
  NOTE: 20220811: Programming language: C.
  NOTE: 20220723: Prepared update 2.4.38-3+deb10u8 and filed #1014346 requesting SRM approval for upload to final buster point release (roberto)
  NOTE: 20220723: Received upload approval from SRM and uploaded to buster (roberto)
  NOTE: 20220809: Package is in oldstable-proposed-updates and will be in final buster point release (roberto)
--
asterisk (Markus Koschany)
  NOTE: 20220810: Programming language: C.
  NOTE: 20220810: Added
--
curl (Markus Koschany)
  NOTE: 20220802: Programming language: C.
  NOTE: 20220802: Added
--
jetty9 (Markus Koschany)
  NOTE: 20220802: Programming language: Java.
  NOTE: 20220802: Added
--
kopanocore (Andreas Rönnquist)
  NOTE: 20220801: Programming language: C++.
  NOTE: 20220801: Added
  NOTE: 20220811: Proposed a patch to CVE-2022-26562 (#1016973)
--
linux (Ben Hutchings)
--
mediawiki (Markus Koschany)
  NOTE: 20220810: Programming language: PHP.
  NOTE: 20220810: Added
--
ndpi (Anton)
  NOTE: 20220801: Programming language: C.
  NOTE: 20220801: Added
--
nodejs
  NOTE: 20220801: Programming language: JavaScript.
  NOTE: 20220801: Added
  NOTE: 20220801: one of the upstream fixes doesn't address the security issue
--
puma
  NOTE: 20220801: Programming language: Ruby.
  NOTE: 20220801: Added
--
rsync (Stefano Rivera)
  NOTE: 20220811: Programming language: C.
  NOTE: 20220811: Added
  NOTE: 20220811: All patches should be applied. If it is too disruptive - evaluate the CVE`s severity (Anton)
--
qemu (Abhijith PA)
  NOTE: 20220802: Programming language: C.
  NOTE: 20220802: Added
  NOTE: 20220802: debdiff of backported fixes was submitted to buster-proposed-updates: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1007931 and
  NOTE: 20220802: wcan now be released as DLA instead. The updated packages are/were running fine in a buster ganeti cluster. (jmm)
  NOTE: 20220808: conflicting pu at https://people.debian.org/~abhijith/upload/mruby/qemu_3.1+dfsg-8+deb10u9.dsc , needs to be merged (Beuc/abhijith)
--

© 2014-2022 Faster IT GmbH | imprint | privacy policy