blob: ebf7d4b3d7d7e711afbb50774f69c8587687e546 (
plain) (
blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
|
An LTS security update is needed for the following source packages.
When you add a new entry, please keep the list alphabetically sorted.
The specific CVE IDs do not need to be listed, they can be gathered in an up-to-date manner from
https://security-tracker.debian.org/tracker/source-package/SOURCEPACKAGE
when working on an update.
To pick an issue, simply add your name behind it. To learn more about how
this list is updated have a look at
https://wiki.debian.org/LTS/Development#Triage_new_security_issues
--
bouncycastle (Markus Koschany)
--
ca-certificates (Chris Lamb)
NOTE: 20180531: check if we need to perform an update before wheezy is EOL (anarcat)
NOTE: 20180601: Will keep this open and check for jessie now. (lamby)
--
enigmail
NOTE: 20180603: Commits between https://sourceforge.net/p/enigmail/source/ci/f6c111 (abhijith)
NOTE: 20180603: and https://sourceforge.net/p/enigmail/source/ci/d2a83a might be useful. (abhijith)
--
firefox-esr (Emilio Pozuelo)
NOTE: 20180525: We will need an update to Firefox ESR 60 in jessie once 52 goes EOL.
NOTE: 20180525: This needs some backports (llvm, rustc, cargo) which need some work.
--
git
--
lame (Hugo Lefeuvre)
NOTE: 20180529: Tested patch ready for upload. Waiting for feedback from the security team.
NOTE: See https://lists.debian.org/debian-lts/2018/05/msg00081.html
--
libav (Hugo Lefeuvre)
NOTE: 20180118: Diego Biurrun (from the libav team) was working on patches, but encountered personal issues and had to stop.
NOTE: 20180118: It is unlikely that he will start again in the next weeks.
NOTE: 20180118: I am currently working on CVE triage but I will not be able to process the whole backlog until May.
NOTE: 20180529: Help is welcome, feel free to mail Hugo. Still up-to-date. Help needed for CVE triage and patch development.
NOTE: 20180529: Just contacted some of the CVE reporters to ask for the reproducers, CC-ed team ML.
--
liblouis
--
libvncserver (Markus Koschany)
--
ming (Hugo Lefeuvre)
NOTE: 20180529: wip, currently working on it with upstream. Lots of fuzzing noise,
NOTE: many duplicate issues. I'm currently working on the next upload, which will fix
NOTE: another batch of CVEs. It will most likely not be ready until Wheezy EOL, but I
NOTE: will upload it for ELTS.
--
openjdk-7 (Emilio Pozuelo)
--
phpmyadmin (Emilio Pozuelo)
--
tiff3 (Holger Levsen)
--
|
