On Fri, Nov 15, 2019 at 02:56:31PM +0100, Emilio Pozuelo Monfort wrote:
> On 14/11/2019 19:51, Roberto C. Sánchez wrote:
> > > - Any feedback on this proposed DLA text?
> >
> > Package : debian-security-support
> > Version : 2019.11.15~deb8u1
> >
> >
> > debian-security-support, the Debian security support coverage checker,
> > has been updated in jessie.
> >
> > This marks the end of life of the libqb package in jessie. A recently
> > reported vulnerability against libqb which allows users to overwrite
> > arbitrary files via a symlink attack cannot be adequately addressed in
> > libqb in jessie. Upstream no longer supports this version and no
> > packages in jessie depend upon libqb, thus making it a leaf package.
> >
> > We recommend that if your systems or applications depend upon the libqb
> > package provided from the Debian archive that you upgrade your systems
> > to a more recent Debian release or find an alternate and up to date
> > source of libqb packages.
>
> Looks fine to me. I have also noticed that we didn't get a
> debian-security-support update for the mysql-5.5 EOL, so if you can add a
> paragraph about it in the announcement (the changes to the
> debian-security-support were already there) that'd be great. Something such
> as:
>
> In addition to that, MySQL 5.5 is no longer supported as upstream ended its
> support and we are unable to backport fixes from newer versions due to the
> lack of patch details. Options are to switch to MariaDB 10.0 in jessie or to
> a newer version in more recent Debian releases.
>

I'll definitely add that.

Regards,

-Roberto

--
Roberto C. Sánchez