packages in *-lts newer than in subsequent releases
Hi,
I tried to find all the affected packages, but there is no
guarantee that the following list is complete. ;-)
These packages are out-of-sync since they have a version
in jessie-lts (or earlier -lts) that is newer than in the
subsequent release(s):
* libpam-tacplus https://bugs.debian.org/962830 CVE-2020-13881
1.3.8-2+deb8u1 in jessie-lts
1.3.8-2 in stretch/buster/sid
libpam-tacplus | 1.3.6-1 | wheezy | source, amd64, armel, armhf, i386, ia64, kfreebsd-amd64, kfreebsd-i386, mips, mipsel, powerpc, s390, s390x, sparc
libpam-tacplus | 1.3.8-2 | jessie | source, amd64, armel, armhf, i386
libpam-tacplus | 1.3.8-2 | stretch | source, amd64, arm64, armel, armhf, i386, mips, mips64el, mipsel, ppc64el, s390x
libpam-tacplus | 1.3.8-2 | buster | source, amd64, arm64, armel, armhf, i386, mips, mips64el, mipsel, ppc64el, s390x
libpam-tacplus | 1.3.8-2 | sid | source
libpam-tacplus | 1.3.8-2+b1 | sid | amd64, arm64, armel, armhf, i386, mips64el, mipsel, ppc64el, s390x
libpam-tacplus | 1.3.8-2+deb8u1 | jessie-security | source, amd64, armel, armhf, i386
* pyxdg https://bugs.debian.org/930099 CVE-2019-12761
0.25-4+deb8u1 in jessie-lts
0.25-4 in stretch
0.25-5 in buster does not have the CVE-2019-12761 fix
pyxdg | 0.19-2 | squeeze | source
pyxdg | 0.19-5 | wheezy | source
pyxdg | 0.25-4 | jessie | source
pyxdg | 0.25-4 | stretch | source
pyxdg | 0.25-4+deb8u1 | jessie-kfreebsd-security | source
pyxdg | 0.25-4+deb8u1 | jessie-security | source
pyxdg | 0.25-5 | buster | source
pyxdg | 0.27-2 | bullseye | source
pyxdg | 0.27-2 | sid | source
* libkohana2-php (no bug) CVE-2016-10510
2.3.4-2+deb7u1 in wheezy-lts
2.3.4-2 in jessie
libkohana2-php | 2.3.4-1~bpo60+1 | squeeze-backports | all
libkohana2-php | 2.3.4-2 | wheezy | source, all
libkohana2-php | 2.3.4-2 | jessie | source, all
libkohana2-php | 2.3.4-2+deb7u1 | wheezy-security | source, all
* usermode https://bugs.debian.org/991808
1.109-1+deb7u2 in wheezy-lts
1.109-1 in jessie
1.109-1 in stretch
usermode | 1.109-1 | wheezy | source, amd64, armel, armhf, i386, ia64, kfreebsd-amd64, kfreebsd-i386, mips, mipsel, powerpc, s390, s390x, sparc
usermode | 1.109-1 | jessie | source, amd64, armel, armhf, i386
usermode | 1.109-1 | stretch | source
usermode | 1.109-1+b2 | stretch | amd64, arm64, armel, armhf, i386, mips, mips64el, mipsel, ppc64el, s390x
usermode | 1.109-1+deb7u2 | wheezy-security | source, amd64, armel, armhf, i386
usermode | 1.109-3 | buster | source, amd64, arm64, armel, armhf, i386, mips, mips64el, mipsel, ppc64el, s390x
usermode | 1.113-4 | bullseye | source, amd64, arm64, armel, armhf, i386, mips64el, mipsel, ppc64el, s390x
usermode | 1.113-4 | sid | source, amd64, arm64, armel, armhf, i386, mips64el, mipsel, ppc64el, s390x
usermode | 1.114-2 | experimental | source, amd64, arm64, armel, armhf, i386, mips64el, mipsel, ppc64el, s390x
* postgresql-9.1 (no bug)
9.1.24lts2-0+deb7u2 in wheezy-lts
9.1.22-0+deb8u1 in jessie
src:postgresql-9.1 in jessie only builds the
postgresql-plperl-9.1 binary which is out-of sync
(anything else is built from src:postgresql-9.4)
postgresql-plperl-9.1 | 9.1.16-0+deb8u1 | jessie-kfreebsd-security | kfreebsd-amd64, kfreebsd-i386
postgresql-plperl-9.1 | 9.1.16-0+deb8u1 | jessie-security | amd64, armel, armhf, i386
postgresql-plperl-9.1 | 9.1.21-0+deb7u1 | wheezy | amd64, armel, armhf, i386, ia64, kfreebsd-amd64, kfreebsd-i386, mips, mipsel, powerpc, s390, s390x, sparc
postgresql-plperl-9.1 | 9.1.22-0+deb8u1 | jessie | amd64, armel, armhf, i386
postgresql-plperl-9.1 | 9.1.24lts2-0+deb7u2 | wheezy-security | amd64, armel, armhf, i386
And while we are at it:
* rust-doc in stretch-lts (and jessie-lts) is not installable
since it depends on the unavailable fonts-open-sans
https://bugs.debian.org/928422
Please get the missing fixes into stretch-lts.
Is jessie-lts still open? If it is still possible to fix the issues
there, too, getting the fixes into jessie-lts would be nice.
Thanks!
Andreas
Reply to: