path: root/data/dla-needed.txt
An LTS security update is needed for the following source packages.
When you add a new entry, please keep the list alphabetically sorted.

The specific CVE IDs do not need to be listed; they can be gathered in an up-to-date manner from
https://security-tracker.debian.org/tracker/source-package/SOURCEPACKAGE
when working on an update.

To work on a package, simply add your name behind it. To learn more about how
this list is updated, have a look at
https://wiki.debian.org/LTS/Development#Triage_new_security_issues

To make it easier to see the entire history of an update, please append notes
rather than remove/replace existing ones.

NOTE: IMPORTANT: during 2022-08, make sure you do NOT conflict with a
NOTE: IMPORTANT: prepared upload for buster's last point release, see:
NOTE: IMPORTANT: https://bugs.debian.org/cgi-bin/pkgreport.cgi?users=release.debian.org@packages.debian.org;tag=pu

--
apache2
  NOTE: 20220811: Programming language: C.
  NOTE: 20220723: Prepared update 2.4.38-3+deb10u8 and filed #1014346 requesting SRM approval for upload to final buster point release (roberto)
  NOTE: 20220723: Received upload approval from SRM and uploaded to buster (roberto)
  NOTE: 20220809: Package is in oldstable-proposed-updates and will be in final buster point release (roberto)
--
asterisk (Markus Koschany)
  NOTE: 20220810: Programming language: C.
--
curl (Markus Koschany)
  NOTE: 20220802: Programming language: C.
--
epiphany-browser (Emilio)
  NOTE: 20220811: Programming language: C.
--
freecad (Emilio)
  NOTE: 20220815: Programming language: Python.
  NOTE: 20220815: Not all of the vulnerable os.system calls exist in the buster version. (lamby)
--
jetty9 (Markus Koschany)
  NOTE: 20220802: Programming language: Java.
--
kicad
  NOTE: 20220811: Programming language: C++.
--
kopanocore (Andreas Rönnquist)
  NOTE: 20220801: Programming language: C++.
  NOTE: 20220811: Proposed a patch to CVE-2022-26562 (#1016973)
--
linux (Ben Hutchings)
--
maven-shared-utils
  NOTE: 20220813: Programming language: Java
  NOTE: 20220813: VCS: https://salsa.debian.org/java-team/maven-shared-utils
  NOTE: 20220813: Maintainer notes: Markus is active in the Java team
  NOTE: 20220813: Special attention: Relatively high popcon
  NOTE: 20220813: Patch is relatively high. Please check whether it can safely be applied (Anton)
--
mediawiki (Markus Koschany)
  NOTE: 20220810: Programming language: PHP.
--
ndpi (Anton)
  NOTE: 20220801: Programming language: C.
--
net-snmp (Thorsten Alteholz)
  NOTE: 20220816: Programming language: C.
--
netatalk
  NOTE: 20220816: Programming language: C.
--
nodejs
  NOTE: 20220801: Programming language: JavaScript.
  NOTE: 20220801: one of the upstream fixes doesn't address the security issue
--
php-horde-mime-viewer
  NOTE: 20220816: Programming language: PHP.
--
php-horde-turba
  NOTE: 20220816: Programming language: PHP.
--
puma (Abhijith PA)
  NOTE: 20220801: Programming language: Ruby.
--
qemu (Abhijith PA)
  NOTE: 20220802: Programming language: C.
  NOTE: 20220802: debdiff of backported fixes was submitted to buster-proposed-updates: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1007931 and
  NOTE: 20220802: can now be released as DLA instead. The updated packages are/were running fine in a buster ganeti cluster. (jmm)
  NOTE: 20220808: conflicting pu at https://people.debian.org/~abhijith/upload/mruby/qemu_3.1+dfsg-8+deb10u9.dsc , needs to be merged (Beuc/abhijith)
--
rails
  NOTE: 20220817: Programming language: Ruby.
  NOTE: 20220817: Vulnerable to at least CVE-2022-21831.
--
rsync (Stefano Rivera)
  NOTE: 20220811: Programming language: C.
  NOTE: 20220811: All patches should be applied. If it is too disruptive - evaluate the CVE's severity (Anton)
--
ruby-tzinfo
  NOTE: 20220817: Programming language: Ruby.
--
salt
  NOTE: 20220814: Programming language: Python
  NOTE: 20220814: Package is not among the packages supported by us.
  NOTE: 20220814: Also, I am not sure whether it is possible to fix issues
  NOTE: 20220814: without backporting a newer version. (Anton)
--
schroot (carnil)
  NOTE: 20220813: Programming language: C++
  NOTE: 20220813: VCS: https://salsa.debian.org/debian/schroot/
  NOTE: 20220813: Maintainer notes: Maintainer prepares o-o-stable updates
  NOTE: 20220813: Debian security team will release DSA and DLA
--
zlib (Emilio)
  NOTE: 20220813: Programming language: C
  NOTE: 20220813: VCS: https://salsa.debian.org/lts-team/packages/zlib/
  NOTE: 20220813: Special attention: Very high popcon. Please test carefully!
--
