Hi Santiago, Thorsten, all

Santiago has now removed all packages from dla-needed, which is good
considering buster is now EOL.

As a help to Thorsten I have gone through the entries we had and
checked whether bullseye is considered vulnerable.
My conclusion is that we should add back:

- bind9
- dnsmasq
- h2o
- libreswan
- nodejs
- nss
- squid

The analysis is a quick analysis based on whether the package tracker
says "vulnerable" for bullseye and it was part of dla-needed in the
past. This means that the package should be triaged further before
being updated.

The rest of the packages in dla-needed have a "no DSA" or "ignored"
statement for all the associated CVEs.

I have not analyzed the non-free packages. They need extra attention
since they are typically marked as no-dsa with the motivation that
non-free is not supported but we have some packages in the
packages-to-support list.

Hope this helps.

If you want, I can prepare a commit that adds back the above packages.

Cheers

// Ola

-- 
 --- Inguza Technology AB --- MSc in Information Technology ----
|  o...@inguza.com                    o...@debian.org            |
|  http://inguza.com/                Mobile: +46 (0)70-332 1551 |
 ---------------------------------------------------------------
