[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#888767: jessie-pu: package debian-security-support/2018.01.29~deb8u1

Package: release.debian.org
Severity: normal
Tags: jessie
User: release.debian.org@packages.debian.org
Usertags: pu
X-Debbugs-CC: team@security.debian.org

This update brings debian-security-support in line with unstable. Most
notably in oldstable this affects swftools since security support for it is
now limited and chromium which doesn't receive any further security updates.
Cheers,
 -- Guido


-- System Information:
Debian Release: buster/sid
  APT prefers testing
  APT policy: (990, 'testing'), (500, 'unstable-debug'), (500, 'testing-debug'), (500, 'stable-updates'), (500, 'oldoldstable'), (500, 'unstable'), (500, 'stable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386, armhf

Kernel: Linux 4.14.0-3-amd64 (SMP w/4 CPU cores)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8), LANGUAGE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

diff --git a/debian/changelog b/debian/changelog
index 94d43a6..f55e7e1 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,44 @@
+debian-security-support (2018.01.29~deb8u1) oldstable-proposed-updates; urgency=medium
+
+  * Rebuild for jessie
+
+ -- Guido Günther <agx@sigxcpu.org>  Mon, 29 Jan 2018 17:30:46 +0100
+
+debian-security-support (2018.01.29) unstable; urgency=medium
+
+  [ Markus Koschany ]
+  * Add teamspeak to security-support-ended.deb7
+  * Add libstruts1.2-java to security-support-ended.deb7.
+  * Add nvidia-graphics-drivers to security-support-ended.deb7.
+    Non-free is not supported
+  * Add glassfish to security-support-ended.deb7
+  * Mark jbossas4 as end-of-life in Wheezy.
+  * Mark jasperreports as unsupported in Wheezy.
+    No sponsor users it. Targeted fixes not possible because detailed
+    information about the vulnerabilities and their solution (patches) is not
+    available.
+
+  [ Salvatore Bonaccorso ]
+  * Mark chromium-browser as end-of-life for Debian 8 (Jessie)
+
+  [ Raphaël Hertzog ]
+  * Mark libnet-ping-external-perl as unsupported in wheezy.
+  * Mark mp3gain as unsupported in wheezy.
+
+  [ Emilio Pozuelo Monfort ]
+  * Mark tor as unsupported in wheezy.
+
+  [ Guido Günther ]
+  * Add swftools to security support limited
+    swftools is orphaned (#885088) and the security tracker is currently
+    counting 25 open CVEs. It is a useful tool with trusted content though.
+  * Bump standards version to 4.1.3.
+    No changes needed
+  * Bump debhelper compat level to 9 which is available in oldoldstable
+    (wheezy).
+
+ -- Guido Günther <agx@sigxcpu.org>  Mon, 29 Jan 2018 17:05:46 +0100
+
 debian-security-support (2017.06.02~deb8u1) jessie; urgency=medium
 
   * Rebuild for jessie.
diff --git a/debian/compat b/debian/compat
index 45a4fb7..ec63514 100644
--- a/debian/compat
+++ b/debian/compat
@@ -1 +1 @@
-8
+9
diff --git a/debian/control b/debian/control
index 2b827d1..f764ab9 100644
--- a/debian/control
+++ b/debian/control
@@ -3,7 +3,7 @@ Section: admin
 Priority: optional
 Maintainer: Christoph Biedl <debian.axhn@manchmal.in-ulm.de>
 Uploaders: Debian Security Team <team@security.debian.org>
-Build-Depends: debhelper (>= 8~),
+Build-Depends: debhelper (>= 9~),
     asciidoc,
     gettext,
     gawk,
@@ -15,7 +15,7 @@ Build-Depends: debhelper (>= 8~),
     original-awk,
     po-debconf,
     xmlto,
-Standards-Version: 3.9.8
+Standards-Version: 4.1.3
 Vcs-Git: https://anonscm.debian.org/cgit/collab-maint/debian-security-support.git
 Vcs-Browser: https://anonscm.debian.org/cgit/collab-maint/debian-security-support.git
 
diff --git a/debian/gbp.conf b/debian/gbp.conf
new file mode 100644
index 0000000..525d1b4
--- /dev/null
+++ b/debian/gbp.conf
@@ -0,0 +1,2 @@
+[DEFAULT]
+debian-branch=jessie
diff --git a/security-support-ended.deb7 b/security-support-ended.deb7
index 5cfd110..5278edb 100644
--- a/security-support-ended.deb7
+++ b/security-support-ended.deb7
@@ -52,3 +52,13 @@ kfreebsd-8              8.3-6+deb7u1            2016-02-06  Not supported in Deb
 kfreebsd-9              9.0-10+deb70.10         2016-02-06  Not supported in Debian LTS
 ioquake3                1.36+svn2287-1          2017-03-15  Not supported in Debian LTS (https://lists.debian.org/debian-lts/2017/03/msg00075.html)
 autotrace               0.31.1-16               2017-06-01  Not supported in Debian LTS (https://lists.debian.org/debian-lts/2017/05/msg00124.html)
+teamspeak-server        2.0.24.1+debian-1.1     2017-07-31  Not supported in Debian LTS (non-free)
+teamspeak-client        2.0.32-3.1              2017-07-31  Not supported in Debian LTS (non-free)
+libstruts1.2-java       1.2.9-5+deb7u2          2017-09-23  Not supported in Debian LTS
+nvidia-graphics-drivers 304.131-1               2017-09-24  Not supported in Debian LTS (non-free)
+glassfish               1:2.1.1-b31g-3          2017-09-26  Not supported in Debian LTS
+jbossas4                4.2.3.GA-7              2017-10-31  Not supported in Debian LTS
+libnet-ping-external-perl 0.13-1                2017-12-21  Not supported in Debian LTS (https://lists.debian.org/debian-lts/2017/12/threads.html#00073)
+mp3gain                 1.5.2-r2-2+deb7u1       2017-12-21  Not supported in Debian LTS (https://lists.debian.org/debian-lts/2017/12/msg00086.html)
+tor                     0.2.4.29-1              2017-12-28  Not supported in Debian LTS (https://lists.debian.org/debian-lts/2017/12/msg00004.html)
+jasperreports           4.1.3+dfsg-1            2018-01-12  Not supported in Debian LTS (https://lists.debian.org/debian-lts/2017/12/msg00088.html)
diff --git a/security-support-ended.deb8 b/security-support-ended.deb8
index 8b8498a..c4e75df 100644
--- a/security-support-ended.deb8
+++ b/security-support-ended.deb8
@@ -19,3 +19,4 @@ sogo                     2.2.9+git20141017-1     2017-01-14  https://lists.debia
 cgiemail                 1.6-37                  2017-06-02  https://lists.debian.org/debian-announce/2017/msg00002.html
 owncloud                 7.0.4+dfsg-4~deb8u3     2017-06-02  https://lists.debian.org/debian-announce/2017/msg00002.html
 owncloud-apps            0~~20141022-1           2017-06-02  https://lists.debian.org/debian-announce/2017/msg00002.html
+chromium-browser         57.0.2987.98-1~deb8u1   2017-11-07  https://lists.debian.org/debian-security-announce/2017/msg00282.html
diff --git a/security-support-limited b/security-support-limited
index b7e8d70..a651d73 100644
--- a/security-support-limited
+++ b/security-support-limited
@@ -20,6 +20,7 @@ ocsinventory-server Only supported behind an authenticated HTTP zone
 qtwebkit        No security support upstream and backports not feasible, only for use on trusted content
 qtwebkit-opensource-src No security support upstream and backports not feasible, only for use on trusted content
 sql-ledger      Only supported behind an authenticated HTTP zone
+swftools        Not covered by security support, only suitable for trusted content
 webkitgtk       No security support upstream and backports not feasible, only for use on trusted content
 wine-gecko-2.21 Not covered by security support, see https://bugs.debian.org/804058
 wine-gecko-2.24 Not covered by security support, see https://bugs.debian.org/804058
Reply to: