Updates to debian-security-support
Hello,
I pushed some updates to the git repository of debian-security-support
basically updating the status of virtualbox-ose in squeeze but also
handling some open bugs that various maintainers filed about their
own package (cf patches in attachment).
Are the changes OK for the security team and can I upload the package to
unstable? (And then backport to squeeze)
Do we have an official vetting process for those kind of maintainer
requests?
Shall there be announces for all packages which are not security
supported? Most of those that I added are in stable releases: xbmc,
qtwebkit-opensource-src, wine-gecko-2.21.
Cheers,
--
Raphaël Hertzog ◈ Writer/Consultant ◈ Debian Developer
Discover the Debian Administrator's Handbook:
→ http://debian-handbook.info/get/
>From a6fb8c683ae484e0808a83b528d4841eb79793b0 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Rapha=C3=ABl=20Hertzog?= <hertzog@debian.org>
Date: Fri, 18 Dec 2015 11:19:38 +0100
Subject: [PATCH 1/4] Mark wine-gecko-2.21 and wine-gecko-2.24 as unsupported
in all releases
Closes: #804058
---
debian/changelog | 5 +++++
security-support-limited | 2 ++
2 files changed, 7 insertions(+)
diff --git a/debian/changelog b/debian/changelog
index 5909096..1edec01 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,8 +1,13 @@
debian-security-support (2015.08.13) UNRELEASED; urgency=medium
+ [ Salvatore Bonaccorso ]
* Mark typo3-src as unsupported in Wheezy.
Thanks to Holger Levsen <holger@layer-acht.org> (Closes: #793454)
+ [ Raphaël Hertzog ]
+ * Mark wine-gecko-2.21 and wine-gecko-2.24 as unsupported in all
+ releases. Closes: #804058
+
-- Salvatore Bonaccorso <carnil@debian.org> Thu, 13 Aug 2015 21:45:20 +0200
debian-security-support (2015.07.11) unstable; urgency=medium
diff --git a/security-support-limited b/security-support-limited
index 03d7a01..94a2fa5 100644
--- a/security-support-limited
+++ b/security-support-limited
@@ -22,5 +22,7 @@ pidgin Support in squeeze is limited to IRC, Jabber/XMPP, Sametime and
qtwebkit No security support upstream and backports not feasible, only for use on trusted content
sql-ledger Only supported behind an authenticated HTTP zone
webkitgtk No security support upstream and backports not feasible, only for use on trusted content
+wine-gecko-2.21 Not covered by security support, see https://bugs.debian.org/804058
+wine-gecko-2.24 Not covered by security support, see https://bugs.debian.org/804058
xulrunner Xulrunner was added in Wheezy 7.8 to fix build failures since Iceweasel 31 no longer provides a Xul lib. It's not covered by security support
--
2.6.4
>From 093ac4b7f850180af9a196ee12948206ba4739fc Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Rapha=C3=ABl=20Hertzog?= <hertzog@debian.org>
Date: Fri, 18 Dec 2015 11:22:11 +0100
Subject: [PATCH 2/4] Mark virtualbox-ose as unsupported in Squeeze (cf DLA
372-1).
---
debian/changelog | 1 +
security-support-ended.deb6 | 1 +
2 files changed, 2 insertions(+)
diff --git a/debian/changelog b/debian/changelog
index 1edec01..1a33997 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -7,6 +7,7 @@ debian-security-support (2015.08.13) UNRELEASED; urgency=medium
[ Raphaël Hertzog ]
* Mark wine-gecko-2.21 and wine-gecko-2.24 as unsupported in all
releases. Closes: #804058
+ * Mark virtualbox-ose as unsupported in Squeeze (cf DLA 372-1).
-- Salvatore Bonaccorso <carnil@debian.org> Thu, 13 Aug 2015 21:45:20 +0200
diff --git a/security-support-ended.deb6 b/security-support-ended.deb6
index bafae6d..834fa24 100644
--- a/security-support-ended.deb6
+++ b/security-support-ended.deb6
@@ -46,6 +46,7 @@ spip 2.1.1-3squeeze7 2014-05-31 Not supported in squeeze LTS
textpattern 4.2.0-2 2014-12-13 https://lists.debian.org/debian-lts/2014/12/msg00009.html
turba2 2.3.4+debian0-1 2014-05-31 Not supported in squeeze LTS
typo3-src 4.3.9+dfsg1-1+squeeze9 2014-05-31 Not supported in squeeze LTS
+virtualbox-ose 3.2.28-dfsg-1+squeeze1 2015-12-18 https://lists.debian.org/debian-lts-announce/2015/12/msg00014.html
vlc 1.1.3-1squeeze6 2014-05-31 Not supported in squeeze LTS
wireshark 1.2.11-6+squeeze15 2014-12-31 Not supported in squeeze LTS for analysis of untrusted traffic
xen 4.0.1-5.11 2014-05-31 Not supported in squeeze LTS
--
2.6.4
>From 35e3bf6d523a267ed484fb489ad0dc4f43ade39e Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Rapha=C3=ABl=20Hertzog?= <hertzog@debian.org>
Date: Fri, 18 Dec 2015 11:34:15 +0100
Subject: [PATCH 3/4] Mark xbmc and kodi as unsupported in all releases
Closes: #791867
---
debian/changelog | 1 +
security-support-limited | 2 ++
2 files changed, 3 insertions(+)
diff --git a/debian/changelog b/debian/changelog
index 1a33997..3cd161e 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -8,6 +8,7 @@ debian-security-support (2015.08.13) UNRELEASED; urgency=medium
* Mark wine-gecko-2.21 and wine-gecko-2.24 as unsupported in all
releases. Closes: #804058
* Mark virtualbox-ose as unsupported in Squeeze (cf DLA 372-1).
+ * Mark xbmc and kodi as unsupported in all releases. Closes: #791867
-- Salvatore Bonaccorso <carnil@debian.org> Thu, 13 Aug 2015 21:45:20 +0200
diff --git a/security-support-limited b/security-support-limited
index 94a2fa5..564dba4 100644
--- a/security-support-limited
+++ b/security-support-limited
@@ -12,6 +12,7 @@ ganglia See README.Debian.security, only supported behind an authenticat
ganglia-web See README.Debian.security, only supported behind an authenticated HTTP zone, #702776
glpi Only supported behind an authenticated HTTP zone for trusted users
kde4libs khtml has no security support upstream, only for use on trusted content
+kodi No security support upstream, you must always use the latest version. See https://bugs.debian.org/791867
libv8-3.14 Not covered by security support, only suitable for trusted content
ltp Pure Testsuite, only supported on non-production non-multiuser systems
mozjs Not covered by security support, only suitable for trusted content
@@ -24,5 +25,6 @@ sql-ledger Only supported behind an authenticated HTTP zone
webkitgtk No security support upstream and backports not feasible, only for use on trusted content
wine-gecko-2.21 Not covered by security support, see https://bugs.debian.org/804058
wine-gecko-2.24 Not covered by security support, see https://bugs.debian.org/804058
+xbmc No security support upstream, you must always use the latest version. See https://bugs.debian.org/791867
xulrunner Xulrunner was added in Wheezy 7.8 to fix build failures since Iceweasel 31 no longer provides a Xul lib. It's not covered by security support
--
2.6.4
>From d4cc493d3132b7fe032081c7355c6bdd8eea803c Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Rapha=C3=ABl=20Hertzog?= <hertzog@debian.org>
Date: Fri, 18 Dec 2015 11:42:16 +0100
Subject: [PATCH 4/4] Mark qtwebkit-opensource-src as unsupported in all
releases. Closes: #799189
---
debian/changelog | 2 ++
security-support-limited | 1 +
2 files changed, 3 insertions(+)
diff --git a/debian/changelog b/debian/changelog
index 3cd161e..9327732 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -9,6 +9,8 @@ debian-security-support (2015.08.13) UNRELEASED; urgency=medium
releases. Closes: #804058
* Mark virtualbox-ose as unsupported in Squeeze (cf DLA 372-1).
* Mark xbmc and kodi as unsupported in all releases. Closes: #791867
+ * Mark qtwebkit-opensource-src as unsupported in all releases.
+ Closes: #799189
-- Salvatore Bonaccorso <carnil@debian.org> Thu, 13 Aug 2015 21:45:20 +0200
diff --git a/security-support-limited b/security-support-limited
index 564dba4..3fafd54 100644
--- a/security-support-limited
+++ b/security-support-limited
@@ -21,6 +21,7 @@ mozjs24 Not covered by security support, only suitable for trusted conte
ocsinventory-server Only supported behind an authenticated HTTP zone
pidgin Support in squeeze is limited to IRC, Jabber/XMPP, Sametime and SIMPLE
qtwebkit No security support upstream and backports not feasible, only for use on trusted content
+qtwebkit-opensource-src No security support upstream and backports not feasible, only for use on trusted content
sql-ledger Only supported behind an authenticated HTTP zone
webkitgtk No security support upstream and backports not feasible, only for use on trusted content
wine-gecko-2.21 Not covered by security support, see https://bugs.debian.org/804058
--
2.6.4
Reply to: