Re: working for wheezy-security until wheezy-lts starts
On Tue, Mar 01, 2016 at 07:15:28AM +0000, Mike Gabriel wrote:
[..snip..]
> >>Issues that are unfixed in wheezy but fixed in squeeze:
> >>* aptdaemon -> CVE-2015-1323
> >>* cakephp -> TEMP-0000000-698CF7
> >>* dhcpcd -> CVE-2012-6698 CVE-2012-6699 CVE-2012-6700
> >>* eglibc -> CVE-2014-9761
> >>* extplorer -> CVE-2015-0896
> >>* fuseiso -> TEMP-0779047-8CABD5 TEMP-0779047-E29D8E
> >>* gosa -> CVE-2014-9760 CVE-2015-8771
> >>* gtk+2.0 -> CVE-2013-7447
> >>* icu -> CVE-2015-2632
> >>* imagemagick -> TEMP-0773834-5EB6CF
> >>* imlib2 -> CVE-2014-9762 CVE-2014-9763 CVE-2014-9764
> >>* inspircd -> CVE-2015-8702
> >>* libebml -> CVE-2015-8790 CVE-2015-8791
> >>* libidn -> CVE-2015-2059 TEMP-0000000-54045E
> >>* libmatroska -> CVE-2015-8792
> >>* libsndfile -> CVE-2014-9756 CVE-2015-7805
> >>* libstruts1.2-java -> CVE-2015-0899
> >>* libtorrent-rasterbar -> CVE-2015-5685
> >>* mono -> CVE-2009-0689
> >>* nss -> CVE-2015-7181 CVE-2015-7182 CVE-2016-1938
> >>* optipng -> CVE-2015-7801
> >>* phpmyadmin -> CVE-2016-2039 CVE-2016-2041
> >>* pixman -> CVE-2014-9766
> >>* python-tornado -> CVE-2014-9720
> >>* roundcube -> CVE-2015-8770
> >>* srtp -> CVE-2015-6360
> >>* tomcat6 -> CVE-2013-4286 CVE-2013-4322 CVE-2014-0033
> >>CVE-2014-0075 CVE-2014-0096 CVE-2014-0099 CVE-2014-0119 CVE-2014-0227
> >>CVE-2014-0230 CVE-2014-7810 CVE-2015-5174 CVE-2015-5345 CVE-2015-5351
> >>CVE-2016-0706 CVE-2016-0714 CVE-2016-0763
> >
> >I'm focusing on these picking older ones over newer ones to not stomp
> >onto the security teams toes.
>
> Do you announce anywhere, that you will start working on a specific package?
> Wouldn't it make sense to put all the packages listed below into
> data/dsa-needed.txt (with approval from the Security Team) and then put our
> names behind those package names?
In order to avoid double work I added these to dsa-needed.txt and put my
name on the line.
Cheers,
-- Guido
Reply to: