[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#964813: marked as done (stretch-pu: package debian-security-support/2020.06.21~deb9u1)

Your message dated Sat, 18 Jul 2020 13:07:00 +0100
with message-id <b8d89cdfeeda7b6d1ef96a8706a20f9525c2151b.camel@adam-barratt.org.uk>
and subject line Closing requests for fixes included in 9.13 point release
has caused the Debian Bug report #964813,
regarding stretch-pu: package debian-security-support/2020.06.21~deb9u1
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
964813: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=964813
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message --- 
Package: release.debian.org
Severity: normal
Tags: stretch
User: release.debian.org@packages.debian.org
Usertags: pu

hi,

I'd like to update debian-security-support in stretch to 2020.06.21~deb9u1
with the following changes to document the state of security support today:

$ debdiff debian-security-support_2019.12.12~deb9u2.dsc debian-security-support_2020.06.21~deb9u1.dsc | diffstat
 debian/changelog             |   38 ++++++++++++++++++++++++++++++++++++++
 security-support-ended.deb10 |    1 +
 security-support-ended.deb8  |   16 ++++++++++++++++
 security-support-ended.deb9  |    8 +++++++-
 security-support-limited     |    3 ++-
 5 files changed, 64 insertions(+), 2 deletions(-)

$ debdiff debian-security-support_2019.12.12~deb9u2.dsc debian-security-support_2020.06.21~deb9u1.dsc 
dpkg-source: Warnung: unsigniertes Quellpaket wird extrahiert (/home/user/Projects/debian-security-support/debian-security-support_2020.06.21~deb9u1.dsc)
diff -Nru debian-security-support-2019.12.12~deb9u2/debian/changelog debian-security-support-2020.06.21~deb9u1/debian/changelog
--- debian-security-support-2019.12.12~deb9u2/debian/changelog	2020-01-30 22:04:07.000000000 +0100
+++ debian-security-support-2020.06.21~deb9u1/debian/changelog	2020-07-10 19:58:12.000000000 +0200
@@ -1,3 +1,41 @@
+debian-security-support (2020.06.21~deb9u1) stretch; urgency=medium
+
+  * This update for stretch only contains changes to the files
+    security-support-limited and security-support-ended.deb(8|9|10) from
+    version 2020.06.21 from unstable, the changes in detail are:
+    - from 2020.06.21:
+      * Add cinder (OpenStack component) to security-support-ended.deb8.
+    - from 2020.06.11:
+      * Also add unbound to security-support-ended.deb8 - see DSA 4694-1
+        and https://lists.debian.org/debian-lts/2020/06/msg00024.html and
+        follow-ups.
+    - from 2020.06.09:
+      * Add unbound to security-support-ended.deb9 (see DSA 4694-1).
+    - from 2020.05.22:
+      * Add pdns-recursor to security-support-ended.deb9 as explained in
+        DSA-4691-1.
+    - from 2020.05.08:
+      * Mark OpenStack packages as being unsupported in LTS; "jessie lost support
+        from upstream just a few weeks after the release."
+    - from 2020.04.16:
+      * Add tor to security-support-ended.deb8 as well, see DSA 4644-1.
+      * Add libperlspeak-perl to security-support-ended.deb(8|9|10), because of
+        CVE-2020-10674 (#954238), also see #954297, #954298 and #954299.
+    - from 2020.03.22:
+      * Add tor to security-support-ended.deb9, see DSA 4644-1.
+    - from 2020.03.15:
+      * security-support-limited/zoneminder: declare limited support behind an
+        authenticated HTTP zone (see #922724).
+    - from 2020.03.05:
+      * Add xen to security-support-ended.deb8.
+    - from 2020.02.21:
+      * Add nodejs to security-support-ended.deb8 and .deb9.
+    - from 2020.01.21:
+      * Add nethack to security-support-ended.deb8.
+      * Mark xen as end-of-life for Stretch (DSA 4602-1).
+
+ -- Holger Levsen <holger@debian.org>  Fri, 10 Jul 2020 19:58:12 +0200
+
 debian-security-support (2019.12.12~deb9u2) stretch-security; urgency=medium
 
   * Rebuild for stretch-security.
diff -Nru debian-security-support-2019.12.12~deb9u2/security-support-ended.deb10 debian-security-support-2020.06.21~deb9u1/security-support-ended.deb10
--- debian-security-support-2019.12.12~deb9u2/security-support-ended.deb10	2020-01-30 20:57:55.000000000 +0100
+++ debian-security-support-2020.06.21~deb9u1/security-support-ended.deb10	2020-07-10 19:46:36.000000000 +0200
@@ -11,3 +11,4 @@
 #    In the program's output, this is prefixed with "Details:"
 
 # none yet (please remove this line once this is not true anymore)
+libperlspeak-perl        2.01-2                  2020-04-16  https://bugs.debian.org/954238 (CVE-2020-10674) and https://bugs.debian.org/954297 and 954298
diff -Nru debian-security-support-2019.12.12~deb9u2/security-support-ended.deb8 debian-security-support-2020.06.21~deb9u1/security-support-ended.deb8
--- debian-security-support-2019.12.12~deb9u2/security-support-ended.deb8	2020-01-30 22:04:07.000000000 +0100
+++ debian-security-support-2020.06.21~deb9u1/security-support-ended.deb8	2020-07-10 19:46:36.000000000 +0200
@@ -32,3 +32,19 @@
 nasm-mozilla             0                       2019-01-01  Only provided as build dependency for Firefox/Thunderbird >= 68
 nodejs-mozilla           0                       2019-01-01  Only provided as build dependency for Firefox/Thunderbird >= 68
 libqb                    0.11.1-2                2019-11-15  Leaf package, no upstream support for this version
+nethack                  3.4.3-15                2019-12-30  https://lists.debian.org/debian-lts/2019/12/msg00062.html
+nodejs			 0.10.29~dfsg-2		 2020-02-20  https://lists.debian.org/debian-lts/2020/02/msg00045.html and https://bugs.debian.org/931376
+xen                      4.4.4lts5-0+deb8u1      2020-03-02  https://lists.debian.org/debian-lts/2020/03/msg00020.html
+tor                      0.2.5.16-1              2020-03-20  https://lists.debian.org/debian-security-announce/2020/msg00047.html
+libperlspeak-perl        2.01-2                  2020-04-16  https://bugs.debian.org/954238 (CVE-2020-10674) and https://bugs.debian.org/954297
+# Openstack support dropped
+cinder                   2014.1.3-11+deb8u1      2020-06-19  "Jessie lost support fom upstream just a few weeks after the release." (https://lists.debian.org/debian-lts/2015/11/msg00024.html)
+glance                   2014.1.3-12+deb8u1      2020-05-08  "Jessie lost support fom upstream just a few weeks after the release." (https://lists.debian.org/debian-lts/2015/11/msg00024.html)
+horizon                  2014.1.3-7+deb8u2       2020-05-08  "Jessie lost support fom upstream just a few weeks after the release." (https://lists.debian.org/debian-lts/2015/11/msg00024.html)
+keystone                 2014.1.3-6              2020-05-08  "Jessie lost support fom upstream just a few weeks after the release." (https://lists.debian.org/debian-lts/2015/11/msg00024.html)
+nova                     2014.1.3-11             2020-05-08  "Jessie lost support fom upstream just a few weeks after the release." (https://lists.debian.org/debian-lts/2015/11/msg00024.html)
+python-keystoneclient    1:0.10.1-2+deb8u1       2020-05-08  "Jessie lost support fom upstream just a few weeks after the release." (https://lists.debian.org/debian-lts/2015/11/msg00024.html)
+python-novaclient        2:2.18.1-1              2020-05-08  "Jessie lost support fom upstream just a few weeks after the release." (https://lists.debian.org/debian-lts/2015/11/msg00024.html)
+swift                    2.2.0-1+deb8u1          2020-05-08  "Jessie lost support fom upstream just a few weeks after the release." (https://lists.debian.org/debian-lts/2015/11/msg00024.html)
+# End Openstack support dropped
+unbound                  1.4.22-3+deb8u4         2020-06-11  https://lists.debian.org/debian-lts/2020/06/msg00024.html and followups / DSA-4694-1
diff -Nru debian-security-support-2019.12.12~deb9u2/security-support-ended.deb9 debian-security-support-2020.06.21~deb9u1/security-support-ended.deb9
--- debian-security-support-2019.12.12~deb9u2/security-support-ended.deb9	2020-01-30 22:04:07.000000000 +0100
+++ debian-security-support-2020.06.21~deb9u1/security-support-ended.deb9	2020-07-10 19:46:36.000000000 +0200
@@ -14,4 +14,10 @@
 jasperreports            4.1.3+dfsg-3            2017-12-09  https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=880467#10
 nasm-mozilla             0                       2019-01-01  Only provided as build dependency for Firefox/Thunderbird >= 68
 nodejs-mozilla           0                       2019-01-01  Only provided as build dependency for Firefox/Thunderbird >= 68
-chromium		 73.0.3683.75-1~deb9u1	 2019-11-10  https://lists.debian.org/debian-security-announce/2019/msg00214.html
+chromium                 73.0.3683.75-1~deb9u1   2019-11-10  https://lists.debian.org/debian-security-announce/2019/msg00214.html
+xen                      4.8.5.final+shim4.10.4-1+deb9u12 2020-01-13 https://lists.debian.org/debian-security-announce/2020/msg00005.html
+nodejs                   0.10.29~dfsg-2          2020-02-20  https://lists.debian.org/debian-lts/2020/02/msg00045.html and https://bugs.debian.org/931376
+tor                      0.2.9.16-1              2020-03-20  https://lists.debian.org/debian-security-announce/2020/msg00047.html
+libperlspeak-perl        2.01-2                  2020-04-16  https://bugs.debian.org/954238 (CVE-2020-10674) and https://bugs.debian.org/954297 and 954299
+pdns-recursor            4.0.4-1+deb9u4          2020-05-21  https://www.debian.org/security/2020/dsa-4691
+unbound                  1.6.0-3+deb9u2          2020-05-26  https://lists.debian.org/debian-security-announce/2020/msg00098.html
diff -Nru debian-security-support-2019.12.12~deb9u2/security-support-limited debian-security-support-2020.06.21~deb9u1/security-support-limited
--- debian-security-support-2019.12.12~deb9u2/security-support-limited	2020-01-30 22:04:07.000000000 +0100
+++ debian-security-support-2020.06.21~deb9u1/security-support-limited	2020-07-10 19:46:36.000000000 +0200
@@ -7,7 +7,7 @@
 #    In the program's output, this is prefixed with "Details:"
 
 adns            Stub resolver that should only be used with trusted recursors
-binutils        Not covered by security support
+binutils        Only suitable for trusted content; see https://lists.debian.org/msgid-search/87lfqsomtg.fsf@mid.deneb.enyo.de
 ganglia         See README.Debian.security, only supported behind an authenticated HTTP zone, #702775
 ganglia-web     See README.Debian.security, only supported behind an authenticated HTTP zone, #702776
 glpi            Only supported behind an authenticated HTTP zone for trusted users
@@ -28,3 +28,4 @@
 webkitgtk       No security support upstream and backports not feasible, only for use on trusted content
 wine-gecko-2.21 Not covered by security support, see https://bugs.debian.org/804058
 wine-gecko-2.24 Not covered by security support, see https://bugs.debian.org/804058
+zoneminder      See README.Debian.security, only supported behind an authenticated HTTP zone, #922724


Thanks for the work on point releases!

-- 
cheers,
	Holger

-------------------------------------------------------------------------------
               holger@(debian|reproducible-builds|layer-acht).org
       PGP fingerprint: B8BF 5413 7B09 D35C F026 FE9D 091A B856 069A AA1C

In Europe there are people prosecuted by courts because they saved other people
from drowning in the  Mediterranean Sea.  That is almost as absurd  as if there
were people being prosecuted because they save humans from drowning in the sea.

Attachment: signature.asc
Description: PGP signature


--- End Message ---
--- Begin Message --- 
Package: release.debian.org
Version: 9.13

Hi,

All of these requests relate to updates that were included in today's
stretch point release.

Regards,

Adam

--- End Message ---
Reply to: