--- Begin Message ---
- To: Debian Bug Tracking System <submit@bugs.debian.org>
- Subject: stretch-pu: package debian-security-support/2018.01.29~deb9u1
- From: Guido Günther <agx@sigxcpu.org>
- Date: Mon, 29 Jan 2018 17:36:58 +0100
- Message-id: <20180129163658.GA30686@bogon.m.sigxcpu.org>
Package: release.debian.org
Severity: normal
Tags: stretch
User: release.debian.org@packages.debian.org
Usertags: pu
This update brings debian-security-support in line with unstable. Most
notably in stable this affects swftools since security support for it is
now limited.
Cheers,
-- Guido
-- System Information:
Debian Release: buster/sid
APT prefers testing
APT policy: (990, 'testing'), (500, 'unstable-debug'), (500, 'testing-debug'), (500, 'stable-updates'), (500, 'oldoldstable'), (500, 'unstable'), (500, 'stable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386, armhf
Kernel: Linux 4.14.0-3-amd64 (SMP w/4 CPU cores)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8), LANGUAGE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
diff --git a/debian/changelog b/debian/changelog
index 28a9b5d..669e194 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,44 @@
+debian-security-support (2018.01.29~deb9u1) stable-proposed-updates; urgency=medium
+
+ * Rebuild for stretch
+
+ -- Guido Günther <agx@sigxcpu.org> Mon, 29 Jan 2018 17:23:45 +0100
+
+debian-security-support (2018.01.29) unstable; urgency=medium
+
+ [ Markus Koschany ]
+ * Add teamspeak to security-support-ended.deb7
+ * Add libstruts1.2-java to security-support-ended.deb7.
+ * Add nvidia-graphics-drivers to security-support-ended.deb7.
+ Non-free is not supported
+ * Add glassfish to security-support-ended.deb7
+ * Mark jbossas4 as end-of-life in Wheezy.
+ * Mark jasperreports as unsupported in Wheezy.
+ No sponsor users it. Targeted fixes not possible because detailed
+ information about the vulnerabilities and their solution (patches) is not
+ available.
+
+ [ Salvatore Bonaccorso ]
+ * Mark chromium-browser as end-of-life for Debian 8 (Jessie)
+
+ [ Raphaël Hertzog ]
+ * Mark libnet-ping-external-perl as unsupported in wheezy.
+ * Mark mp3gain as unsupported in wheezy.
+
+ [ Emilio Pozuelo Monfort ]
+ * Mark tor as unsupported in wheezy.
+
+ [ Guido Günther ]
+ * Add swftools to security support limited
+ swftools is orphaned (#885088) and the security tracker is currently
+ counting 25 open CVEs. It is a useful tool with trusted content though.
+ * Bump standards version to 4.1.3.
+ No changes needed
+ * Bump debhelper compat level to 9 which is available in oldoldstable
+ (wheezy).
+
+ -- Guido Günther <agx@sigxcpu.org> Mon, 29 Jan 2018 17:05:46 +0100
+
debian-security-support (2017.06.02) unstable; urgency=medium
[ Moritz Muehlenhoff ]
diff --git a/debian/compat b/debian/compat
index 45a4fb7..ec63514 100644
--- a/debian/compat
+++ b/debian/compat
@@ -1 +1 @@
-8
+9
diff --git a/debian/control b/debian/control
index 2b827d1..f764ab9 100644
--- a/debian/control
+++ b/debian/control
@@ -3,7 +3,7 @@ Section: admin
Priority: optional
Maintainer: Christoph Biedl <debian.axhn@manchmal.in-ulm.de>
Uploaders: Debian Security Team <team@security.debian.org>
-Build-Depends: debhelper (>= 8~),
+Build-Depends: debhelper (>= 9~),
asciidoc,
gettext,
gawk,
@@ -15,7 +15,7 @@ Build-Depends: debhelper (>= 8~),
original-awk,
po-debconf,
xmlto,
-Standards-Version: 3.9.8
+Standards-Version: 4.1.3
Vcs-Git: https://anonscm.debian.org/cgit/collab-maint/debian-security-support.git
Vcs-Browser: https://anonscm.debian.org/cgit/collab-maint/debian-security-support.git
diff --git a/debian/gbp.conf b/debian/gbp.conf
new file mode 100644
index 0000000..ee4e7df
--- /dev/null
+++ b/debian/gbp.conf
@@ -0,0 +1,2 @@
+[DEFAULT]
+debian-branch=stretch
diff --git a/security-support-ended.deb7 b/security-support-ended.deb7
index 5cfd110..5278edb 100644
--- a/security-support-ended.deb7
+++ b/security-support-ended.deb7
@@ -52,3 +52,13 @@ kfreebsd-8 8.3-6+deb7u1 2016-02-06 Not supported in Deb
kfreebsd-9 9.0-10+deb70.10 2016-02-06 Not supported in Debian LTS
ioquake3 1.36+svn2287-1 2017-03-15 Not supported in Debian LTS (https://lists.debian.org/debian-lts/2017/03/msg00075.html)
autotrace 0.31.1-16 2017-06-01 Not supported in Debian LTS (https://lists.debian.org/debian-lts/2017/05/msg00124.html)
+teamspeak-server 2.0.24.1+debian-1.1 2017-07-31 Not supported in Debian LTS (non-free)
+teamspeak-client 2.0.32-3.1 2017-07-31 Not supported in Debian LTS (non-free)
+libstruts1.2-java 1.2.9-5+deb7u2 2017-09-23 Not supported in Debian LTS
+nvidia-graphics-drivers 304.131-1 2017-09-24 Not supported in Debian LTS (non-free)
+glassfish 1:2.1.1-b31g-3 2017-09-26 Not supported in Debian LTS
+jbossas4 4.2.3.GA-7 2017-10-31 Not supported in Debian LTS
+libnet-ping-external-perl 0.13-1 2017-12-21 Not supported in Debian LTS (https://lists.debian.org/debian-lts/2017/12/threads.html#00073)
+mp3gain 1.5.2-r2-2+deb7u1 2017-12-21 Not supported in Debian LTS (https://lists.debian.org/debian-lts/2017/12/msg00086.html)
+tor 0.2.4.29-1 2017-12-28 Not supported in Debian LTS (https://lists.debian.org/debian-lts/2017/12/msg00004.html)
+jasperreports 4.1.3+dfsg-1 2018-01-12 Not supported in Debian LTS (https://lists.debian.org/debian-lts/2017/12/msg00088.html)
diff --git a/security-support-ended.deb8 b/security-support-ended.deb8
index 8b8498a..c4e75df 100644
--- a/security-support-ended.deb8
+++ b/security-support-ended.deb8
@@ -19,3 +19,4 @@ sogo 2.2.9+git20141017-1 2017-01-14 https://lists.debia
cgiemail 1.6-37 2017-06-02 https://lists.debian.org/debian-announce/2017/msg00002.html
owncloud 7.0.4+dfsg-4~deb8u3 2017-06-02 https://lists.debian.org/debian-announce/2017/msg00002.html
owncloud-apps 0~~20141022-1 2017-06-02 https://lists.debian.org/debian-announce/2017/msg00002.html
+chromium-browser 57.0.2987.98-1~deb8u1 2017-11-07 https://lists.debian.org/debian-security-announce/2017/msg00282.html
diff --git a/security-support-limited b/security-support-limited
index b7e8d70..a651d73 100644
--- a/security-support-limited
+++ b/security-support-limited
@@ -20,6 +20,7 @@ ocsinventory-server Only supported behind an authenticated HTTP zone
qtwebkit No security support upstream and backports not feasible, only for use on trusted content
qtwebkit-opensource-src No security support upstream and backports not feasible, only for use on trusted content
sql-ledger Only supported behind an authenticated HTTP zone
+swftools Not covered by security support, only suitable for trusted content
webkitgtk No security support upstream and backports not feasible, only for use on trusted content
wine-gecko-2.21 Not covered by security support, see https://bugs.debian.org/804058
wine-gecko-2.24 Not covered by security support, see https://bugs.debian.org/804058
--- End Message ---