Debian LTS - June 2022

depth triaging of pyjwt * followup situation on unzip * in depth triaging of grub2 * analysis of sox situation, reported https://sourceforge.net/p/sox/bugs/362/ to track the status of fixes upstream Enrico -- GPG key: 4096R/634F4BD1E7AD5568 2009-05-08 Enrico Zini signature.asc Description

Re: What to do with sox

If they state they are too busy, work could resume on writing one. Thank you! I opened https://sourceforge.net/p/sox/bugs/362/ and marked all other CVEs as no-dsa. Enrico -- GPG key: 4096R/634F4BD1E7AD5568 2009-05-08 Enrico Zini signature.asc Description: PGP signature

Re: RFR: openscad update

tanding is that the triaging that makes packages end up in *-needed.txt cannot be as in depth as that which can be done downstream of it. I still feel new on this job, so I'm using this as an opportunity to get peer review on my updated understanding :) Enrico -- GPG key: 4096R/634F4BD1E7AD55

What to do with sox

e who have sox installed to figure out what they are using it for, and reassess those vulnerabilities based on the kind of exposure that sox is actually having? Enrico -- GPG key: 4096R/634F4BD1E7AD5568 2009-05-08 Enrico Zini signature.asc Description: PGP signature

Re: pyjwt CVE-2022-29217 and stretch

the relevant code was only introduced in a later version Enrico -- GPG key: 4096R/634F4BD1E7AD5568 2009-05-08 Enrico Zini signature.asc Description: PGP signature

pyjwt CVE-2022-29217 and stretch

e me to still backport the applicable parts of the patch, otherwise I'll mark this as no-dsa in a few days. Enrico -- GPG key: 4096R/634F4BD1E7AD5568 2009-05-08 Enrico Zini signature.asc Description: PGP signature

Re: Pending pdns updates

o-dsa for stretch, too Enrico -- GPG key: 4096R/634F4BD1E7AD5568 2009-05-08 Enrico Zini signature.asc Description: PGP signature

Pending pdns updates

me to do something else not to leave this work unfinished? Enrico -- GPG key: 4096R/634F4BD1E7AD5568 2009-05-08 Enrico Zini signature.asc Description: PGP signature

LTS report for May 2022

Enrico Zini signature.asc Description: PGP signature

Re: Lintian errors on ffmpeg

6R/634F4BD1E7AD5568 2009-05-08 Enrico Zini

Re: Lintian errors on ffmpeg

won't add lintian overrides for them, unless someone tells me that those errors would cause an upload to be rejected. Enrico -- GPG key: 4096R/634F4BD1E7AD5568 2009-05-08 Enrico Zini signature.asc Description: PGP signature

Re: Urgency for uploads

e that line, and I'll keep uploading with urgency=medium Enrico -- GPG key: 4096R/634F4BD1E7AD5568 2009-05-08 Enrico Zini signature.asc Description: PGP signature

Urgency for uploads

uals/developers-reference/pkgs.html#preparing-packages-to-address-security-issues [2] https://salsa.debian.org/lts-team/packages/ffmpeg/-/blob/debian/stretch/debian/changelog [3] https://wiki.debian.org/LTS/Development Enrico -- GPG key: 4096R/634F4BD1E7AD5568 2009-05-08 Enrico Zini signa

Re: Lintian errors on ffmpeg

mpeg/-/jobs/2730960 [2] https://salsa.debian.org/lts-team/packages/ffmpeg/-/jobs/2599478 Enrico -- GPG key: 4096R/634F4BD1E7AD5568 2009-05-08 Enrico Zini signature.asc Description: PGP signature

Lintian errors on ffmpeg

eem relevant for stretch. Assuming this analysis makes sense to you, should I ignore these lintian errors, or would you prefer that I add lintian overrides to the LTS release? Enrico -- GPG key: 4096R/634F4BD1E7AD5568 2009-05-08 Enrico Zini signature.asc Description: PGP signature