
Updates to debian-security-support



Hello,

I pushed some updates to the git repository of debian-security-support,
basically updating the status of virtualbox-ose in squeeze but also
handling some open bugs that various maintainers filed about their
own packages (cf. patches in attachment).

Are the changes OK for the security team and can I upload the package to
unstable? (And then backport to squeeze)

Do we have an official vetting process for this kind of maintainer
request?

Shall there be announcements for all packages which are not security
supported? Most of those that I added are in stable releases: xbmc,
qtwebkit-opensource-src, wine-gecko-2.21.

Cheers,
-- 
Raphaël Hertzog ◈ Writer/Consultant ◈ Debian Developer

Discover the Debian Administrator's Handbook:
→ http://debian-handbook.info/get/
From a6fb8c683ae484e0808a83b528d4841eb79793b0 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Rapha=C3=ABl=20Hertzog?= <hertzog@debian.org>
Date: Fri, 18 Dec 2015 11:19:38 +0100
Subject: [PATCH 1/4] Mark wine-gecko-2.21 and wine-gecko-2.24 as unsupported
 in all releases

Closes: #804058
---
 debian/changelog         | 5 +++++
 security-support-limited | 2 ++
 2 files changed, 7 insertions(+)

diff --git a/debian/changelog b/debian/changelog
index 5909096..1edec01 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,8 +1,13 @@
 debian-security-support (2015.08.13) UNRELEASED; urgency=medium
 
+  [ Salvatore Bonaccorso ]
   * Mark typo3-src as unsupported in Wheezy.
     Thanks to Holger Levsen <holger@layer-acht.org> (Closes: #793454)
 
+  [ Raphaël Hertzog ]
+  * Mark wine-gecko-2.21 and wine-gecko-2.24 as unsupported in all
+    releases. Closes: #804058
+
  -- Salvatore Bonaccorso <carnil@debian.org>  Thu, 13 Aug 2015 21:45:20 +0200
 
 debian-security-support (2015.07.11) unstable; urgency=medium
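
Review bot: the new entry ends with a bare "Closes: #804058", while the existing typo3-src entry in the same stanza uses the parenthesised form "(Closes: #793454)". Use one style within the stanza, for example "releases. (Closes: #804058)".
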
diff --git a/security-support-limited b/security-support-limited
index 03d7a01..94a2fa5 100644
--- a/security-support-limited
+++ b/security-support-limited
@@ -22,5 +22,7 @@ pidgin          Support in squeeze is limited to IRC, Jabber/XMPP, Sametime and
 qtwebkit        No security support upstream and backports not feasible, only for use on trusted content
 sql-ledger      Only supported behind an authenticated HTTP zone
 webkitgtk       No security support upstream and backports not feasible, only for use on trusted content
+wine-gecko-2.21 Not covered by security support, see https://bugs.debian.org/804058
+wine-gecko-2.24 Not covered by security support, see https://bugs.debian.org/804058
 xulrunner       Xulrunner was added in Wheezy 7.8 to fix build failures since Iceweasel 31 no longer provides a Xul lib. It's not covered by security support
 
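Review bot: the two wine-gecko lines give a bug URL as their only reason, whereas the neighbouring entries (qtwebkit, sql-ledger, webkitgtk) state under which conditions use is acceptable. Since this is security-support-limited, add a short inline statement of what the limitation is and keep the link to #804058 as a reference.
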
-- 
2.6.4

From 093ac4b7f850180af9a196ee12948206ba4739fc Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Rapha=C3=ABl=20Hertzog?= <hertzog@debian.org>
Date: Fri, 18 Dec 2015 11:22:11 +0100
Subject: [PATCH 2/4] Mark virtualbox-ose as unsupported in Squeeze (cf DLA
 372-1).

---
 debian/changelog            | 1 +
 security-support-ended.deb6 | 1 +
 2 files changed, 2 insertions(+)

diff --git a/debian/changelog b/debian/changelog
index 1edec01..1a33997 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -7,6 +7,7 @@ debian-security-support (2015.08.13) UNRELEASED; urgency=medium
   [ Raphaël Hertzog ]
   * Mark wine-gecko-2.21 and wine-gecko-2.24 as unsupported in all
     releases. Closes: #804058
+  * Mark virtualbox-ose as unsupported in Squeeze (cf DLA 372-1).
 
  -- Salvatore Bonaccorso <carnil@debian.org>  Thu, 13 Aug 2015 21:45:20 +0200
 
diff --git a/security-support-ended.deb6 b/security-support-ended.deb6
index bafae6d..834fa24 100644
--- a/security-support-ended.deb6
+++ b/security-support-ended.deb6
@@ -46,6 +46,7 @@ spip            2.1.1-3squeeze7         2014-05-31 Not supported in squeeze LTS
 textpattern     4.2.0-2                 2014-12-13 https://lists.debian.org/debian-lts/2014/12/msg00009.html
 turba2          2.3.4+debian0-1         2014-05-31 Not supported in squeeze LTS
 typo3-src       4.3.9+dfsg1-1+squeeze9  2014-05-31 Not supported in squeeze LTS
+virtualbox-ose  3.2.28-dfsg-1+squeeze1  2015-12-18 https://lists.debian.org/debian-lts-announce/2015/12/msg00014.html
 vlc             1.1.3-1squeeze6         2014-05-31 Not supported in squeeze LTS
 wireshark       1.2.11-6+squeeze15      2014-12-31 Not supported in squeeze LTS for analysis of untrusted traffic
 xen             4.0.1-5.11              2014-05-31 Not supported in squeeze LTS
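
Review bot: the date on the virtualbox-ose line, 2015-12-18, is identical to the commit date in this patch's header; confirm that it is the end-of-support date given in the linked debian-lts-announce message and not just the day the entry was written. The changelog refers to this as DLA 372-1, so naming the DLA in the last column next to the URL would make the entry easier to search for.
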
-- 
2.6.4

From 35e3bf6d523a267ed484fb489ad0dc4f43ade39e Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Rapha=C3=ABl=20Hertzog?= <hertzog@debian.org>
Date: Fri, 18 Dec 2015 11:34:15 +0100
Subject: [PATCH 3/4] Mark xbmc and kodi as unsupported in all releases

Closes: #791867
---
 debian/changelog         | 1 +
 security-support-limited | 2 ++
 2 files changed, 3 insertions(+)

diff --git a/debian/changelog b/debian/changelog
index 1a33997..3cd161e 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -8,6 +8,7 @@ debian-security-support (2015.08.13) UNRELEASED; urgency=medium
   * Mark wine-gecko-2.21 and wine-gecko-2.24 as unsupported in all
     releases. Closes: #804058
   * Mark virtualbox-ose as unsupported in Squeeze (cf DLA 372-1).
+  * Mark xbmc and kodi as unsupported in all releases. Closes: #791867
 
  -- Salvatore Bonaccorso <carnil@debian.org>  Thu, 13 Aug 2015 21:45:20 +0200
 
diff --git a/security-support-limited b/security-support-limited
index 94a2fa5..564dba4 100644
--- a/security-support-limited
+++ b/security-support-limited
@@ -12,6 +12,7 @@ ganglia         See README.Debian.security, only supported behind an authenticat
 ganglia-web     See README.Debian.security, only supported behind an authenticated HTTP zone, #702776
 glpi            Only supported behind an authenticated HTTP zone for trusted users
 kde4libs        khtml has no security support upstream, only for use on trusted content
+kodi            No security support upstream, you must always use the latest version. See https://bugs.debian.org/791867
 libv8-3.14      Not covered by security support, only suitable for trusted content
 ltp             Pure Testsuite, only supported on non-production non-multiuser systems
 mozjs           Not covered by security support, only suitable for trusted content
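
Review bot: "you must always use the latest version" in the kodi line does not say which latest version is meant. The changelog describes the entry as applying to all releases, and a user on a stable release cannot tell whether that means the newest package in their release, a backport, or upstream's own release. State where the update is expected to come from, or drop the instruction and keep "No security support upstream" plus the bug link.
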
@@ -24,5 +25,6 @@ sql-ledger      Only supported behind an authenticated HTTP zone
 webkitgtk       No security support upstream and backports not feasible, only for use on trusted content
 wine-gecko-2.21 Not covered by security support, see https://bugs.debian.org/804058
 wine-gecko-2.24 Not covered by security support, see https://bugs.debian.org/804058
+xbmc            No security support upstream, you must always use the latest version. See https://bugs.debian.org/791867
 xulrunner       Xulrunner was added in Wheezy 7.8 to fix build failures since Iceweasel 31 no longer provides a Xul lib. It's not covered by security support
 
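Review bot: the xbmc line is a verbatim copy of the kodi message, so the same question about "the latest version" applies here, and the two strings will have to be kept in sync by hand. If the intended advice for xbmc users differs from that for kodi users, the message should say so.
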
-- 
2.6.4

From d4cc493d3132b7fe032081c7355c6bdd8eea803c Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Rapha=C3=ABl=20Hertzog?= <hertzog@debian.org>
Date: Fri, 18 Dec 2015 11:42:16 +0100
Subject: [PATCH 4/4] Mark qtwebkit-opensource-src as unsupported in all
 releases. Closes: #799189

---
 debian/changelog         | 2 ++
 security-support-limited | 1 +
 2 files changed, 3 insertions(+)

diff --git a/debian/changelog b/debian/changelog
index 3cd161e..9327732 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -9,6 +9,8 @@ debian-security-support (2015.08.13) UNRELEASED; urgency=medium
     releases. Closes: #804058
   * Mark virtualbox-ose as unsupported in Squeeze (cf DLA 372-1).
   * Mark xbmc and kodi as unsupported in all releases. Closes: #791867
+  * Mark qtwebkit-opensource-src as unsupported in all releases.
+    Closes: #799189
 
  -- Salvatore Bonaccorso <carnil@debian.org>  Thu, 13 Aug 2015 21:45:20 +0200
 
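Review bot: after the last patch of the series the stanza still carries version 2015.08.13 with distribution UNRELEASED (see the hunk header) and the trailer "-- Salvatore Bonaccorso <carnil@debian.org>  Thu, 13 Aug 2015", although these entries are dated 18 Dec 2015. Refresh the version, the distribution and the trailer line before the upload asked about in the cover mail.
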
diff --git a/security-support-limited b/security-support-limited
index 564dba4..3fafd54 100644
--- a/security-support-limited
+++ b/security-support-limited
@@ -21,6 +21,7 @@ mozjs24         Not covered by security support, only suitable for trusted conte
 ocsinventory-server Only supported behind an authenticated HTTP zone
 pidgin          Support in squeeze is limited to IRC, Jabber/XMPP, Sametime and SIMPLE
 qtwebkit        No security support upstream and backports not feasible, only for use on trusted content
+qtwebkit-opensource-src No security support upstream and backports not feasible, only for use on trusted content
 sql-ledger      Only supported behind an authenticated HTTP zone
 webkitgtk       No security support upstream and backports not feasible, only for use on trusted content
 wine-gecko-2.21 Not covered by security support, see https://bugs.debian.org/804058
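
Review bot: the subject and changelog say qtwebkit-opensource-src is marked "unsupported in all releases", but the line is added to security-support-limited with the text "only for use on trusted content", which describes a limitation rather than an end of support. Reword the changelog entry to say limited security support so that it matches the file and the message shown to users.
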
-- 
2.6.4

