summaryrefslogtreecommitdiffstats
path: root/data/dla-needed.txt
blob: cd176711aa8d2387c6a013684f0d392cc86086c2 (plain) (blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
An LTS security update is needed for the following source packages.
When you add a new entry, please keep the list alphabetically sorted.

The specific CVE IDs do not need to be listed, they can be gathered in an up-to-date manner from
https://security-tracker.debian.org/tracker/source-package/SOURCEPACKAGE
when working on an update.

To pick an issue, simply add your name behind it. To learn more about how
this list is updated have a look at
https://wiki.debian.org/LTS/Development#Triage_new_security_issues

To make it easier to see the entire history of an update, please append notes
rather than remove/replace existing ones.

--
ansible
  NOTE: 20210411: As discussed with the maintainer I will update Buster first and
  NOTE: 20210411: after that LTS. (apo)
  NOTE: 20210426: https://people.debian.org/~apo/lts/ansible/
--
debian-archive-keyring
  NOTE: https://lists.debian.org/debian-lts/2021/08/msg00037.html
  NOTE: 20210920: Raphael answered. will backport today. (utkarsh)
  NOTE: 20211003: waiting for Jonathan to get back as his keys
  NOTE: 20211003: seemed to have expired and the build is thus
  NOTE: 20211003: failing. Or at least appears to be. :( (utkarsh)
  NOTE: 20211018: Jonathan is prepping the branch; will work
  NOTE: 20211018: with him and upload and publish the DLA. (utkarsh)
--
firmware-nonfree (Markus Koschany)
  NOTE: 20210731: WIP: https://salsa.debian.org/lts-team/packages/firmware-nonfree
  NOTE: 20210828: Most CVEs are difficult to backport. Contacted Ben regarding possible "ignore" tag
  NOTE: 20211207: Intend to release this week.
--
gif2apng (Anton)
  NOTE: 20220114: orphaned package with inactive upstream, maybe coordinate with Debian QA to write our own patches (Beuc)
  NOTE: 20220114: CVEs unrelated to apng2gif's (Beuc)
--
gpac
  NOTE: 20211101: coordinating with secteam for s-p-u since stretch/buster versions match (roberto)
  NOTE: 20211120: received OK from secteam for buster update, working on stretch/buster in parallel (roberto)
  NOTE: 20211228: Returning to active work on this now that llvm/rustc update is complete (roberto)
--
h2database (Markus Koschany)
--
htmldoc (Thorsten Alteholz)
--
intel-microcode
  NOTE: 20220213: please recheck
--
libarchive (Thorsten Alteholz)
  NOTE: 20220213: testing package
--
libgit2 (Utkarsh)
  NOTE: 20220208: got clearance. will upload this week. (utkarsh)
--
libxstream-java (Chris Lamb)
--
linux (Ben Hutchings)
--
linux-4.19 (Ben Hutchings)
--
nvidia-graphics-drivers
   NOTE: 20220203: package is in non-free but also in packages-to-support (Beuc)
   NOTE: 20220209: monitor nvidia-graphics-drivers-legacy-390xx for a potential
   NOTE: 20220209: backport (apo)
--
pjproject (Abhijith PA)
  NOTE: 20211230: patch available for the no-dsa issue, check its NOTE (pochu)
--
samba
  NOTE: 20211128: WIP https://salsa.debian.org/lts-team/packages/samba/
  NOTE: 20211212: Fix is too large, coordination with ELTS-upload (anton)
  NOTE: 20220110: fix applied, but will need a second opinion. (utkarsh)
  NOTE: 20220125: ftbfs, wip. (utkarsh)
--
tiff (Thorsten Alteholz)
--
twisted (Sylvain Beucler)
--
ujson (Anton)
  NOTE: 20220121: please reheck, at least the mentioned function is available in Stretch
  NOTE: 20220206: https://salsa.debian.org/lts-team/packages/ujson Investigating, whether affected or not (Anton)
--
vim (Markus Koschany)
--
zsh (Emilio)
--

© 2014-2022 Faster IT GmbH | imprint | privacy policy