how reliable is "debian-security-support" ? AW: [SECURITY] Security support for Wheezy handed over to the LTS team
How often i have to update the "debian-security-support" package?
Since wheezy went to LTS, there are serveral updates to the " security-support-ended.deb7" file (which lists the support state).
On my wheezy LTS test system i have:
ii debian-security-support 2015.04.04~deb7u1
with this " security-support-ended.deb7" content:
iceape 2.7.12-1+alpha 2013-12-16 https://lists.debian.org/debian-security-announce/2013/msg00233.html
chromium-browser 37.0.2062.120-1~deb7u1 2015-01-31 https://lists.debian.org/debian-security-announce/2015/msg00031.html
ruby-actionmailer-2.3 2.3.14-3 2014-07-19 https://lists.debian.org/debian-security-announce/2014/msg00164.html
ruby-actionpack-2.3 2.3.14-5 2014-07-19 https://lists.debian.org/debian-security-announce/2014/msg00164.html
ruby-activerecord-2.3 2.3.14-6 2014-07-19 https://lists.debian.org/debian-security-announce/2014/msg00164.html
ruby-activeresource-2.3 2.3.14-3 2014-07-19 https://lists.debian.org/debian-security-announce/2014/msg00164.html
ruby-actionmailer-2.3 2.3.14-3 2014-07-19 https://lists.debian.org/debian-security-announce/2014/msg00164.html
ruby-activesupport-2.3 2.3.14-7 2014-07-19 https://lists.debian.org/debian-security-announce/2014/msg00164.html
ruby-rails-2.3 2.3.14-4 2014-07-19 https://lists.debian.org/debian-security-announce/2014/msg00164.html
But on https://anonscm.debian.org/cgit/collab-maint/debian-security-support.git/tree/security-support-ended.deb7
There are some more packages listet:
hromium-browser 37.0.2062.120-1~deb7u1 2015-01-31 https://lists.debian.org/debian-security-announce/2015/msg00031.html
iceape 2.7.12-1+alpha 2013-12-16 https://lists.debian.org/debian-security-announce/2013/msg00233.html
ruby-actionmailer-2.3 2.3.14-3 2014-07-19 https://lists.debian.org/debian-security-announce/2014/msg00164.html
ruby-actionpack-2.3 2.3.14-5 2014-07-19 https://lists.debian.org/debian-security-announce/2014/msg00164.html
ruby-activerecord-2.3 2.3.14-6 2014-07-19 https://lists.debian.org/debian-security-announce/2014/msg00164.html
ruby-activeresource-2.3 2.3.14-3 2014-07-19 https://lists.debian.org/debian-security-announce/2014/msg00164.html
ruby-actionmailer-2.3 2.3.14-3 2014-07-19 https://lists.debian.org/debian-security-announce/2014/msg00164.html
ruby-activesupport-2.3 2.3.14-7 2014-07-19 https://lists.debian.org/debian-security-announce/2014/msg00164.html
ruby-rails-2.3 2.3.14-4 2014-07-19 https://lists.debian.org/debian-security-announce/2014/msg00164.html
redmine 1.4.4+dfsg1-2+deb7u1 2014-07-19 Depends on ruby-rails-2.3 which is not supported
tomcat6 6.0.45+dfsg-1~deb7u1 2016-12-31 https://tomcat.apache.org/tomcat-60-eol.html
typo3-src 4.5.19+dfsg1-5+wheezy4 2015-07-23 https://lists.debian.org/debian-security-announce/2015/msg00210.html
virtualbox 4.1.42-dfsg-1+deb7u1 2016-01-27 https://lists.debian.org/debian-security-announce/2016/msg00024.html
# Packages below are no longer supported in Wheezy during the LTS period
mantis 1.2.18-1 2016-02-06 Not supported in Debian LTS (https://lists.debian.org/debian-lts/2015/11/msg00019.html)
movabletype-opensource 5.1.4+dfsg-4+deb7u3 2016-02-06 Not supported in Debian LTS (http://lists.debian.org/20151104190529.GY7054@urchin.earth.li)
openjdk-6 6b38-1.13.10-1~deb7u1 2016-04-15 Not supported in Wheezy LTS https://lists.debian.org/debian-lts/2016/02/msg00153.html
openswan 1:2.6.37-3 2016-02-06 Not supported in Debian LTS (https://lists.debian.org/debian-lts/2015/11/msg00019.html)
# Openstack support dropped
glance 2012.1.1-5 2016-02-06 Not supported in Debian LTS (https://lists.debian.org/debian-lts/2015/11/msg00024.html)
horizon 2012.1.1-10 2016-02-06 Not supported in Debian LTS (https://lists.debian.org/debian-lts/2015/11/msg00024.html)
keystone 2012.1.1-13+wheezy1 2016-02-06 Not supported in Debian LTS (https://lists.debian.org/debian-lts/2015/11/msg00024.html)
nova 2012.1.1-18 2016-02-06 Not supported in Debian LTS (https://lists.debian.org/debian-lts/2015/11/msg00024.html)
python-keystoneclient 2012.1-3+deb7u1 2016-02-06 Not supported in Debian LTS (https://lists.debian.org/debian-lts/2015/11/msg00024.html)
python-novaclient 1:2012.1-4 2016-02-06 Not supported in Debian LTS (https://lists.debian.org/debian-lts/2015/11/msg00024.html)
swift 1.4.8-2+deb7u1 2016-02-06 Not supported in Debian LTS (https://lists.debian.org/debian-lts/2015/11/msg00024.html)
# End Openstack support dropped
In the history log of this file are changes after Wheezy went to LTS (asterix is now support, at 2016-05-04 13:47:11), but there is no newer " debian-security-support" package that include this.
So how reliable is "debian-security-support" ?
Reiner Schulz
> -----Ursprüngliche Nachricht-----
> Von: Markus Koschany [mailto:apo@debian.org]
> Gesendet: Montag, 25. April 2016 12:25
> An: debian-lts-announce@lists.debian.org
> Betreff: [SECURITY] Security support for Wheezy handed over to the LTS team
> Wichtigkeit: Hoch
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA512
>
> As of 25 April, one year after the release of Debian 8, alias "Jessie",
> and nearly three years after the release of Debian 7, alias "Wheezy",
> regular security support for Wheezy comes to an end. The Debian Long
> Term Support (LTS) Team will take over security support.
>
> Information for users
> =====================
>
> Wheezy LTS will be supported from 26 April 2016 to 31 May 2018.
>
> For Debian 7 Wheezy LTS there will be no requirement to add a separate
> wheezy-lts suite to your sources.list any more and your current setup
> will continue to work without further changes.
>
> For how to use Debian Long Term Support please read
>
> https://wiki.debian.org/LTS/Using
>
> Important information and changes regarding Wheezy LTS can be found at
>
> https://wiki.debian.org/LTS/Wheezy
>
> Most notably OpenJDK 7 will be made the new Java default JRE/JDK on 26
> June 2016 to ensure full security support until Wheezy LTS reaches its
> end-of-life.
>
> You should also subscribe to the announcement mailing list for
> security updates for Wheezy LTS:
>
> https://lists.debian.org/debian-lts-announce/
>
> A few packages are not covered by the Wheezy LTS support. These can be
> detected by installing the debian-security-support package. If
> debian-security-support detects an unsupported package which is critical
> to you, please get in touch with debian-lts@lists.debian.org.
>
>
> Mailing lists
> =============
>
> The whole coordination of the Debian LTS effort is handled through the
> debian-lts mailing list:
>
> https://lists.debian.org/debian-lts/
>
> Please subscribe or follow us via GMANE (gmane.linux.debian.devel.lts)
>
> Aside from the debian-lts-announce list, there is also a list for
> following all uploads in Wheezy LTS:
>
> https://lists.debian.org/debian-lts-changes/
>
>
> Security Tracker
> ================
>
> All information on the status of vulnerabilities (e.g. if the version in
> Wheezy LTS happens to be unaffected while Jessie is affected) will be
> tracked in the Debian Security Tracker:
>
> http://security-tracker.debian.org
>
> If you happen to spot an error in the data, please see
>
> https://security-tracker.debian.org/tracker/data/report
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v2
>
> iQJ8BAEBCgBmBQJXHfCLXxSAAAAAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25z
> Lm9w
> ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXRBQ0YzRDA4OEVGMzJFREVGNkExQ
> TgzNUZE
> OUFEMTRCOTUxM0I1MUU0AAoJENmtFLlRO1HkkPoQAIixNUUwDel2fCT7RTs
> r8fM5
> 4ik15vXDYgqCIvfMKWNMqe1Haxway9p0pBjVWnAjeWslLp2liMKlbB/PiikpNesQ
> 3e8AJvNtSsMTDG+pDBbQIPb3fjir65qcayWSclVvDuFZK6rdWkYcvqh8fRE6BZ81
> NiufvWN0o4wLZm6GiAF9PNSIeeRJCjCMUYU0Myl16jDbrfCUaQr+70UkIUp69h/
> M
> nZ65vZKuXD+78CtGUfgHfrcG8lbWq/pDG98P/Pc63JNr+A6VhKrJM4ncR1lHQOf
> 8
> 6fBhf9v1UfvR9pZWBakmaHnXpD6VxY44xzv+txOcuYWqxW23Mvg0OAU3KW/z
> ofy7
> 3NSDEj7Kw4RoQY7NqjdhW2o01bn9QtB6VNh6qY7I8Vf4P2OqgpAYfZdvmBqdO
> w6a
> lWavtSr40jwRu7YryoWnIMgdrv4u3G9OTVRmyUcMruvC7EkPSfKHOByW4Ew/V
> UaI
> f6zc7PApotOwT+iuBWI4u/7k9I6SvBNjiS84Ph4V0y65axRm1CK/XZANCJW870DR
> 6JV7atxQoXXAhP0McCoxpVBSPTQqfV+ADaStzgnQ1/Ax8KMNfAD4QcXAxcCn
> DGDz
> 9jUeYhdKpuKKM7dukOVsnWX+pJ9nfet2VtfRo3wO8B9Pp3L5EzpE9sLL8o/4hPG8
> OjFDxD9gween3PaSarCU
> =kjwD
> -----END PGP SIGNATURE-----
Reply to: