dsa-needed.txt 1.19 KB
Newer Older
1 2
A DSA is needed for the following source packages in old/stable. The specific
CVE IDs do not need to be listed, they can be gathered in an up-to-date manner from
3 4 5 6 7
https://security-tracker.debian.org/tracker/source-package/SOURCEPACKAGE
when working on an update.

Some packages are not tracked here:
- Linux kernel (tracking in kernel-sec repo)
8
- Embargoed issues continue to be tracked in separate file.
9 10 11

To pick an issue, simply add your uid behind it.

12 13
If needed, specify the release by adding a slash after the name of the source package.

14
--
15
asterisk
16
--
17 18
chromium-browser
--
19 20
condor
--
Moritz Muehlenhoff's avatar
Moritz Muehlenhoff committed
21
icedove (jmm)
22
--
23
imagemagick
24
--
25
libav
26
--
27
liblivemedia
28
--
Moritz Muehlenhoff's avatar
Moritz Muehlenhoff committed
29 30
libphp-snoopy
--
31 32
libreoffice
--
Michael Gilbert's avatar
Michael Gilbert committed
33
nss
34
 RH has moved to 3.16 even in EL5, Ubuntu uses 3.17 across the LTSes, maybe we should follow that approach
Salvatore Bonaccorso's avatar
Salvatore Bonaccorso committed
35
 Debdiff applied against current version for interim update: https://people.debian.org/~carnil/tmp/nss/
Michael Gilbert's avatar
Michael Gilbert committed
36
--
37
openswan (corsac)
38 39
  NOTE: regression fix needed for CVE-2013-2053 (#743332) and CVE-2013-6466
  (#744717)
40
--
Moritz Muehlenhoff's avatar
Moritz Muehlenhoff committed
41 42
p7zip
--
43 44
python-django
--
Moritz Muehlenhoff's avatar
Moritz Muehlenhoff committed
45 46
rpm (jmm)
--
Moritz Muehlenhoff's avatar
Moritz Muehlenhoff committed
47 48 49
ruby1.9.1
  (no-dsa issues CVE-2013-2065 and CVE-2014-4975 could be fixed along)
--
50 51
smarty3
--
52 53 54 55
tomcat6
--
tomcat7
--
Salvatore Bonaccorso's avatar
Salvatore Bonaccorso committed
56
unrtf (carnil)
57
--
58 59
xdg-utils
--
60 61
xen
--
Moritz Muehlenhoff's avatar
Moritz Muehlenhoff committed
62
zendframework
63
--