Niels Thykier: > Hi, > > I have a quick review of the RC bugs in *key* packages that are unfixed > in unstable according to UDD. The following is a list of 32 of these > (out of about 180) with proposed verdicts/tagging to start a debate > about them. >
Thanks for the feedback. The outcome is below: > > [...] > The list: > >> Bug Source Verdict Title >> [Tagged] 804272 akonadi can-defer fails to >> synchronize caldav to OpenXChange without notice >> [Tagged] 850874 ark can-defer ark: >> CVE-2017-5330: Unintended execution of scripts and executable files >> [Fixed] 827744 bzip2 can-defer bzip2: >> CVE-2016-3189: heap use after free in bzip2recover >> [Tagged] 834845 chicken can-defer chicken: >> CVE-2016-6830 CVE-2016-6831 >> [Downgrade] 848976 courier-authlib will-remove Unsuitable to >> be part of stable release without proper maintainer >> [Downgrade] 848977 courier-unicode will-remove Unsuitable to >> be part of stable release without proper maintainer >> [Tagged] 827297 deborphan can-defer deborphan: No >> support for versioned provides >> [Changed] 851819 flashplugin-nonfree can-defer ERROR: wget >> failed to download http://people.debian.org/~bartm/... >> [Tagged] 814978 gcc-5 will-remove gcc-5: gnat >> paths are wrong due to ada-gcc-name.diff >> [Tagged] 848220 gcc-5 will-remove gcc-5 should >> not ship in stretch >> [Removed] 835960 gcc-5-cross will-remove gcc-5-cross: >> non-standard gcc/g++ used for build (gcc-5) >> [Removed] 835777 gcc-5-cross will-remove gcc-5-cross: >> FTBFS: patch fails to apply >> [Removed] 835692 gcc-5-cross-ports will-remove >> gcc-5-cross-ports: FTBFS: patches fail to apply >> [Removed] 835961 gcc-5-cross-ports will-remove >> gcc-5-cross-ports: non-standard gcc/g++ used for build (gcc-5) >> [Tagged] 852891 lintian is-blocker lintian: FTBFS: >> Test failures >> [Fixed] 850216 mariadb-10.1 is-blocker >> mysql-server-5.6: Listens on * by default after installation (related to use >> of alternatives) >> [Removed] 805828 mysql-5.6 will-remove >> mysql-server-5.6: upgrade didn't work, package unusable, mysql does not start >> [Removed] 798080 mysql-5.6 will-remove >> mysql-server-5.6: service stop hangs forever on systemd >> [Removed] 804920 mysql-5.6 will-remove >> mysql-server-5.6: needs Conflicts: cqrlog (<< 1.9.0-5~) >> [Removed] 837615 mysql-5.6 will-remove mysql-5.6: >> don't include in stretch >> [Removed] 812812 mysql-5.6 will-remove MySQL client >> library should ship a symbols file, or at least not have a Lintian override >> to hide the problem >> [Fixed] 851770 php-gettext can-defer php-gettext: >> CVE-2015-8980 >> [Tagged] 851771 php-gettext can-defer php-gettext: >> CVE-2016-6175 >> [Tagged] 852163 python3.5 is-blocker >> python3.5-minimal wont configure >> [Tagged] 820381 rar will-remove rar crashes. >> [Fixed] 852883 systemd is-blocker systemd: FTBFS: >> Test failures >> [Tagged] 757083 sysvinit is-blocker initscripts: >> please treat /usr (if separate) the same as / >> [Downgrade] 851446 sysvinit is-blocker mkdir: cannot >> create directory `/run/shm': File exists >> [Removed] 852603 virglrenderer can-defer virglrenderer: >> CVE-2016-10163 >> [Removed] 852604 virglrenderer can-defer virglrenderer: >> CVE-2017-5580 >> [Fixed] 845793 zlib is-blocker lib64z1-dev >> doesn't provide a shlibs file, causing package build failures >> [Fixed] 787956 zlib is-blocker lib32z1-dev: >> Compiling anything that includes <zlib.h> with -m32 fails > Legend: * [Tagged] => Tagged with the given tag * [Changed] => Tagged with a different tag than originally proposed (flashplugin-nonfree, will-remove => can-defer) * [Removed] => Package was removed from testing * [Downgrade] => The bug was downgraded to non-RC (by someone else) * [Fixed] => The bug was fixed and migrated to testing. RC bug count: 32 intial - 6 being fixed - 3 downgrades -11 from removals - 5 tagged ignore ----------------- 12 remaining These are split into 6 tagged can-defer (ignored) 3 tagged will-remove 3 tagged is-blocker Thanks for the assistance, ~Niels
