......@@ -28,7 +28,7 @@ from debian.debian_support import Version
class LTSMissingUploads(object):
MONTHS = 6
SOURCES = 'http://security.debian.org/dists/wheezy/updates/main/source/Sources.gz'
SOURCES = 'http://security.debian.org/dists/jessie/updates/main/source/Sources.gz'
re_line = re.compile(
r'(?P<suffix>msg\d+.html).*\[DLA (?P<dla>[\d-]+)\] (?P<source>[^\s]+) security update.*'
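Review bot: The updated `SOURCES` value is still a plain `http://` URL for the jessie security `Sources.gz`, and nothing in this hunk shows the index being checked against the archive's signed Release file. Because this class reports which DLAs lack an upload, an index altered in transit could hide a missing security upload; consider verifying the download against `InRelease`/`Release.gpg` before parsing, or at least record the gap with `# NOTE: unauthenticated fetch; Sources.gz is not verified against the signed Release file`. The codename is also hard-coded here while the `lts` alias in `RELEASES` is changed separately in this commit, so deriving the URL from that alias would keep the two from drifting apart. The class body continues outside the hunk, so the fetch code itself is not visible.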
......
......@@ -22,7 +22,7 @@ import sys
from tracker_data import TrackerData, RELEASES
# lts is currently wheezy, next_lts jessie
# lts is currently jessie, next_lts stretch
LIST_NAMES = (
('needs_fix_in_next_lts',
('Issues that are unfixed in {next_lts} but fixed in {lts}'
......
......@@ -29,8 +29,8 @@ RELEASES = {
'unstable': 'sid',
'experimental': 'experimental',
# LTS specific aliases
'lts': 'wheezy',
'next_lts': 'jessie',
'lts': 'jessie',
'next_lts': 'stretch',
}
......
......@@ -121,11 +121,6 @@ class BugFilter:
return no_dsa_reason == 'postponed' and not self.params['nopostponed']
class TrackerService(webservice_base_class):
head_contents = compose(
LINK(' ', href="/tracker/style.css"),
SCRIPT(' ', src="/tracker/script.js"),
).toHTML()
nvd_text = P('''If a "**" is included, the urgency field was automatically
assigned by the NVD (National Vulnerability Database). Note that this
rating is automatically derived from a set of known factors about the
......@@ -1492,8 +1487,12 @@ Debian bug number.'''),
on_load = "selectSearch()"
else:
on_load = None
head_contents = compose(
LINK(' ', href=url.scriptRelative("style.css")),
SCRIPT(' ', src=url.scriptRelative("script.js")),
).toHTML()
return HTMLResult(self.add_title(title, body,
head_contents=self.head_contents,
head_contents=head_contents,
body_attribs={'onload': on_load}),
doctype=self.html_dtd(),
status=status)
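Review bot: `head_contents` is now built per request from `url.scriptRelative(...)`, and the result ends up in a `<script src>` and a stylesheet `href`, so it matters where `url` takes its base from. If that base is derived from request data such as the Host header or a forwarded-prefix header rather than from server configuration, a client could influence the origin the page loads `script.js` from. The hunk does not show how `url` is constructed, so this should be confirmed and recorded next to the new code, e.g. `# url is built from the server-side script name, never from client-supplied headers`. The enclosing method starts outside the hunk.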
......
[01 Jun 2018] DLA-1393-1 wheezy-lts - end-of-life
NOTE: end of security support for wheezy-lts
[01 Jun 2018] DLA-1392-1 linux - security update
{CVE-2018-1093 CVE-2018-1130 CVE-2018-8897 CVE-2018-10940}
[wheezy] - linux 3.2.102-1
[31 May 2018] DLA-1391-1 tiff - security update
{CVE-2017-11613 CVE-2018-5784}
[wheezy] - tiff 4.0.2-6+deb7u21
[31 May 2018] DLA-1390-1 procps - security update
{CVE-2018-1122 CVE-2018-1123 CVE-2018-1124 CVE-2018-1125 CVE-2018-1126}
[wheezy] - procps 1:3.3.3.3+deb7u1
[30 May 2018] DLA-1389-1 apache2 - security update
{CVE-2017-15710 CVE-2018-1301 CVE-2018-1312}
[wheezy] - apache2 2.2.22-13+deb7u13
[28 May 2018] DLA-1388-1 wireshark - security update
{CVE-2018-9258 CVE-2018-9260 CVE-2018-9261 CVE-2018-9263 CVE-2018-9268 CVE-2018-9269 CVE-2018-9270 CVE-2018-11358 CVE-2018-11362}
[wheezy] - wireshark 1.12.1+g01b65bf-4+deb8u6~deb7u11
[26 May 2018] DLA-1387-1 cups - security update
{CVE-2017-18248}
[wheezy] - cups 1.5.3-5+deb7u8
[26 May 2018] DLA-1386-1 ming - security update
{CVE-2018-7866 CVE-2018-7873 CVE-2018-7876 CVE-2018-9009 CVE-2018-9132}
[wheezy] - ming 1:0.4.4-1.1+deb7u9
[25 May 2018] DLA-1385-1 batik - security update
{CVE-2018-8013}
[wheezy] - batik 1.7+dfsg-3+deb7u3
[25 May 2018] DLA-1384-1 xdg-utils - security update
{CVE-2017-18266}
[wheezy] - xdg-utils 1.1.0~rc1+git20111210-6+deb7u4
......
[06 Jun 2018] DSA-4218-1 memcached - security update
{CVE-2017-9951 CVE-2018-1000115 CVE-2018-1000127}
[jessie] - memcached 1.4.21-1.1+deb8u2
[stretch] - memcached 1.4.33-1+deb9u1
[03 Jun 2018] DSA-4217-1 wireshark - security update
{CVE-2018-7334 CVE-2018-7335 CVE-2018-7419 CVE-2018-9261 CVE-2018-11358 CVE-2018-11362}
[jessie] - wireshark 1.12.1+g01b65bf-4+deb8u14
[stretch] - wireshark 2.2.6+g32dac6a-2+deb9u3
[03 Jun 2018] DSA-4191-2 redmine - regression update
[stretch] - redmine 3.3.1-4+deb9u2
[02 Jun 2018] DSA-4216-1 prosody - security update
{CVE-2018-10847}
[jessie] - prosody 0.9.7-2+deb8u4
[stretch] - prosody 0.9.12-2+deb9u2
[02 Jun 2018] DSA-4215-1 batik - security update
{CVE-2017-5662 CVE-2018-8013}
[jessie] - batik 1.7+dfsg-5+deb8u1
[stretch] - batik 1.8-4+deb9u1
[01 Jun 2018] DSA-4214-1 zookeeper - security update
{CVE-2018-8012}
[jessie] - zookeeper 3.4.9-3+deb8u1
[stretch] - zookeeper 3.4.9-3+deb9u1
[29 May 2018] DSA-4213-1 qemu - security update
{CVE-2017-5715 CVE-2017-15038 CVE-2017-15119 CVE-2017-15124 CVE-2017-15268 CVE-2017-15289 CVE-2017-16845 CVE-2017-17381 CVE-2017-18043 CVE-2018-5683 CVE-2018-7550}
[stretch] - qemu 1:2.8+dfsg-6+deb9u4
[29 May 2018] DSA-4212-1 git - security update
{CVE-2018-11235}
[jessie] - git 1:2.1.4-2.1+deb8u6
[stretch] - git 1:2.11.0-3+deb9u3
[26 May 2018] DSA-4206-2 gitlab - regression update
[stretch] - gitlab 8.13.11+dfsg1-8+deb9u3
[25 May 2018] DSA-4211-1 xdg-utils - security update
{CVE-2017-18266}
[jessie] - xdg-utils 1.1.0~rc1+git20111210-7.4+deb8u1
[stretch] - xdg-utils 1.1.1-1+deb9u1
[25 May 2018] DSA-4210-1 xen - security update
{CVE-2018-3639}
[stretch] - xen 4.8.3+xsa262+shim4.10.0+comet3-1+deb9u7
......
......@@ -10,47 +10,46 @@ this list is updated have a look at
https://wiki.debian.org/LTS/Development#Triage_new_security_issues
--
apache2 (Roberto C. Sánchez)
bouncycastle (Markus Koschany)
--
cups (Thorsten Alteholz)
NOTE: 20180318: not clear whether patch is fine, so no email to maintainer sent (alteholz)
ca-certificates (Chris Lamb)
NOTE: 20180531: check if we need to perform an update before wheezy is EOL (anarcat)
NOTE: 20180601: Will keep this open and check for jessie now. (lamby)
--
enigmail (Abhijith PA)
enigmail
NOTE: 20180603: Commits between https://sourceforge.net/p/enigmail/source/ci/f6c111 (abhijith)
NOTE: 20180603: and https://sourceforge.net/p/enigmail/source/ci/d2a83a might be useful. (abhijith)
--
firefox-esr (Emilio Pozuelo)
NOTE: 20180525: We will need an update to Firefox ESR 60 in jessie once 52 goes EOL.
NOTE: 20180525: This needs some backports (llvm, rustc, cargo) which need some work.
--
krb5 (Thorsten Alteholz)
NOTE: 20180131: lts-do-not-call
NOTE: 20180411: Details not public yet. Security team in contact with upstream. (anarcat)
NOTE: 20180411: See also https://lists.debian.org/msgid-search/20180208212643.GB7792@pisco.westfalen.local (anarcat)
git (Antoine Beaupré)
--
lame (Hugo Lefeuvre)
NOTE: 20180515: Patch available and tested. Will coordinate with Fabian to provide Wheezy and Jessie uploads for the next Jessie point release.
NOTE: 20180529: Tested patch ready for upload. Waiting for feedback from the security team.
NOTE: See https://lists.debian.org/debian-lts/2018/05/msg00081.html
--
libav (Hugo Lefeuvre)
NOTE: 20180118: Diego Biurrun (from the libav team) was working on patches, but encountered personal issues and had to stop.
NOTE: 20180118: It is unlikely that he will start again in the next weeks.
NOTE: 20180118: I am currently working on CVE triage but I will not be able to process the whole backlog until May.
NOTE: 20180118: Help is welcome, feel free to mail Hugo.
NOTE: 20180529: Help is welcome, feel free to mail Hugo. Still up-to-date. Help needed for CVE triage and patch development.
NOTE: 20180529: Just contacted some of the CVE reporters to ask for the reproducers, CC-ed team ML.
--
linux
liblouis
--
libvncserver (Markus Koschany)
--
ming (Hugo Lefeuvre)
NOTE: 20180515: wip, currently working on it with upstream. Lots of fuzzing noise,
NOTE: many duplicate issues. Currently working on the next upload which will fix a
NOTE: batch of 5-6 CVEs.
NOTE: 20180529: wip, currently working on it with upstream. Lots of fuzzing noise,
NOTE: many duplicate issues. I'm currently working on the next upload, which will fix
NOTE: another batch of CVEs. It will most likely not be ready until Wheezy EOL, but I
NOTE: will upload it for ELTS.
--
openjdk-7 (Emilio Pozuelo)
--
phpmyadmin (Emilio Pozuelo)
--
procps (Abhijith PA)
--
tiff
--
tiff3
--
wireshark (Thorsten Alteholz)
tiff3 (Holger Levsen)
--
......@@ -30,6 +30,12 @@ glusterfs
--
graphicsmagick
--
intel-microcode
or possibly via spu, depends on timing of release and other factors
--
jruby (seb)
2018-05-31: Markus Koschany prepared a debdiff; Miguel Landaeta looking at test regressions
--
knot-resolver
--
libav/oldstable
......@@ -38,6 +44,9 @@ libav/oldstable
libidn
santiago will prepare update
--
libvncserver
Markus Koschany proposed an update
--
linux
Wait until more issues have piled up
--
......@@ -65,7 +74,7 @@ php-horde-image
phpmyadmin/oldstable (abhijith)
https://mentors.debian.net/debian/pool/main/p/phpmyadmin/phpmyadmin_4.2.12-2+deb8u3.dsc
--
qemu/oldstable
plexus-archiver
--
ruby2.1/oldstable
Santiago will prepare an update
......@@ -76,15 +85,16 @@ ruby2.3/stable
work-in-progress: https://salsa.debian.org/ruby-team/ruby/tree/stretch-security-wip
--
sssd/stable
Maintainer prepared an update and proposed debdiff, acked for upload, but update needs further testing before release.
--
strongswan (corsac)
--
thunderbird
--
tomcat7/oldstable
--
tomcat8 (seb)
2018-04-11: Emmanuel Bourg submitted a debdiff
--
wireshark (jmm)
--
xdg-utils (luciano)
--
zendframework/oldstable
--
......@@ -104,6 +104,7 @@ libmikmod
NOTE: Might be fixed earlier. Lenny version recorded.
- black-box 1.4.6-2.2 (embed)
NOTE: Might be fixed earlier. Lenny version recorded.
- timidity <unfixed> (modified-embed; bug #649344)
libiax
- iaxmodem <unfixable> (embed; bug #548885)
......
......@@ -129,3 +129,5 @@ CVE-2016-10317
[jessie] - ghostscript 9.06~dfsg-2+deb8u7
CVE-2018-10689
[jessie] - blktrace 1.0.5-1+deb8u1
CVE-2017-5715
[jessie] - intel-microcode 3.20180425.1~deb8u1
......@@ -6,10 +6,6 @@ CVE-2017-5715
[stretch] - nvidia-graphics-drivers 384.111-4~deb9u1
CVE-2017-12424
[stretch] - shadow 1:4.4-4.1+deb9u1
CVE-2017-9951
[stretch] - memcached 1.4.33-1+deb9u1
CVE-2018-1000115
[stretch] - memcached 1.4.33-1+deb9u1
CVE-2015-XXXX [busybox: pointer misuse unziping files]
[stretch] - busybox 1:1.22.0-19+deb9u1
NOTE: For #803097
......@@ -95,3 +91,7 @@ CVE-2018-1302
[stretch] - apache2 2.4.25-3+deb9u5
CVE-2018-10689
[stretch] - blktrace 1.1.0-2+deb9u1
CVE-2018-11410
[stretch] - liblouis 3.0.0-3+deb9u2
CVE-2017-5715
[stretch] - intel-microcode 3.20180425.1~deb9u1
......@@ -595,3 +595,97 @@ mysql-5.6
asterisk-chan-capi
xine-lib
elasticsearch
distribute
wxwidgets2.8
iproute
kdemultimedia
adzapper
automake
wine-gecko-1.4
op-panel
z88dk
mod-auth-mysql
kdegames
wzdftpd
guile-1.6
debtorrent
ruby-actionmailer-3.2
gnelib
gcc-4.9-backport
net6
dnssec-tools
tcl8.4
knowledgeroot
ncpfs
centerim
llvm-2.9
ia32-libs-gtk
vala-0.16
vala-0.14
update-manager
udev
drbd8
dspam
php-apc
ia32-libs
aqualung
cluster-agents
llvm-3.1
llvm-3.0
xerces-c2
bokken
nsd3
xboing
texmacs
nvclock
boa
scanbuttond
kdesdk
lesstif2
haskell-tls-extra
krb5-appl
xfs
mistelix
interchange
innfeed
libsdp
jifty
libjpeg8
im-switch
boost1.49
automake1.9
netdisco-mibs-installer
gstreamer0.10-ffmpeg
webkit
mediatomb
rbot
gcc-4.4
openmotif
mp
bluez-hcidump
electricsheep
rekonq
lcms
xmail
radiance
torque
zgv
freebsd-sendpr
tk8.4
yate
babel
ulogd
tqsllib
lastfm
ruby-actionmailer-2.3
trac-git
software-center
pmake
kdenetwork
t1lib
mozart
gitolite
kdeadmin
automake1.10
ctdb
gcc-mozilla
......@@ -607,7 +607,7 @@ The following packages are needed:
The following commands build the databases for stable and run a python local server in port 10605:
make update-stable
make update-packages
make
make serve
......
# This file defines the variables describing all Debian repositories
# that need to be fetched in the "update-packages" process
BACKPORT_RELEASES := $(OLDOLDSTABLE) $(OLDSTABLE) $(STABLE)
SECURITY_RELEASES := $(BACKPORT_RELEASES) $(TESTING)
MAIN_RELEASES := $(SECURITY_RELEASES) sid
# Define the variables for the release on the main mirror
define add_main_release =
$(1)_MIRROR = $$(MIRROR)
$(1)_DIST = $(1)
$(1)_ARCHS ?= amd64 arm64 armel armhf hurd-i386 i386 kfreebsd-i386 kfreebsd-amd64 mips mips64el mipsel powerpc ppc64el s390x
$(1)_RELEASE = $(1)
$(1)_SUBRELEASE =
RELEASES += $(1)
endef
$(foreach release,$(MAIN_RELEASES),$(eval $(call add_main_release,$(release))))
# Define the variables for the releases on security.debian.org
define add_security_release =
$(1)_security_MIRROR = $$(SECURITY_MIRROR)
$(1)_security_DIST = $(1)/updates
$(1)_security_ARCHS = $$($(1)_ARCHS)
$(1)_security_RELEASE = $(1)
$(1)_security_SUBRELEASE = security
RELEASES += $(1)_security
endef
$(foreach release,$(SECURITY_RELEASES),$(eval $(call add_security_release,$(release))))
# Define the variables for the *-backports releases
define add_backport_release =
$(1)_backports_MIRROR = $$(MIRROR)
$(1)_backports_DIST = $(1)-backports
$(1)_backports_ARCHS = $$($(1)_ARCHS)
$(1)_backports_RELEASE = $(1)-backports
$(1)_backports_SUBRELEASE =
RELEASES += $(1)_backports
endef
$(foreach release,$(BACKPORT_RELEASES),$(eval $(call add_backport_release,$(release))))
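Review bot: The default `$(1)_ARCHS ?=` list in `add_main_release` is identical for every release from `$(OLDOLDSTABLE)` to `sid`, although the set of architectures differs between Debian releases, and the security and backports variants inherit it through `$$($(1)_ARCHS)`. Unless each release sets its own `<release>_ARCHS` before this file is read, update-packages would presumably request indexes that do not exist for some release/architecture pairs; how a failed fetch is handled is not visible here. A comment above the define would document the override, for example `# Set <release>_ARCHS before this file is read to restrict the architectures fetched for a release`. `MIRROR` and `SECURITY_MIRROR` are defined elsewhere, so whether the fetched indexes are authenticated cannot be judged from this file.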
......@@ -38,29 +38,29 @@ From 11-06 to 17-06:Thorsten Alteholz <debian@alteholz.de>
From 18-06 to 24-06:Markus Koschany <apo@debian.org>
From 25-06 to 01-07:
From 02-07 to 08-07:Guido Günther <agx@sigxcpu.org>
From 09-07 to 15-07:
From 09-07 to 15-07:Markus Koschany <apo@debian.org>
From 16-07 to 22-07:
From 23-07 to 29-07:Chris Lamb <chris@chris-lamb.co.uk>
From 30-07 to 05-08:Thorsten Alteholz <debian@alteholz.de>
From 06-08 to 12-08:
From 13-08 to 19-08:
From 13-08 to 19-08:Markus Koschany <apo@debian.org>
From 20-08 to 26-08:Chris Lamb <chris@chris-lamb.co.uk>
From 27-08 to 02-09:
From 27-08 to 02-09:Markus Koschany <apo@debian.org>
From 03-09 to 09-09:Chris Lamb <chris@chris-lamb.co.uk>
From 10-09 to 16-09:Thorsten Alteholz <debian@alteholz.de>
From 17-09 to 23-09:Ola Lundqvist <opal@debian.org>
From 24-09 to 30-09:Guido Günther <agx@sigxcpu.org>
From 01-10 to 07-10:Chris Lamb <chris@chris-lamb.co.uk>
From 08-10 to 14-10:
From 08-10 to 14-10:Markus Koschany <apo@debian.org>
From 15-10 to 21-10:
From 22-10 to 28-10:Thorsten Alteholz <debian@alteholz.de>
From 29-10 to 04-11:Ola Lundqvist <opal@debian.org>
From 05-11 to 11-11:Chris Lamb <chris@chris-lamb.co.uk>
From 12-11 to 18-11:Guido Günther <agx@sigxcpu.org>
From 19-11 to 25-11:
From 19-11 to 25-11:Markus Koschany <apo@debian.org>
From 26-11 to 02-12:Thorsten Alteholz <debian@alteholz.de>
From 03-12 to 09-12:Chris Lamb <chris@chris-lamb.co.uk>
From 10-12 to 16-12:Guido Günther <agx@sigxcpu.org>
From 17-12 to 23-12:
From 17-12 to 23-12:Markus Koschany <apo@debian.org>
From 24-12 to 30-12:
From 31-12 to 06-01:
......@@ -23,5 +23,10 @@
"major-version": "11",
"support": "none",
"contact": ""
},
"bookworm": {
"major-version": "12",
"support": "none",
"contact": ""
}
}