Inguza Technology AB

technology, analysis and solutions

Debian Long Term Support work 2018 June

The following contributions were made:

  • Work to get up to a state that we know exactly needs to be mapped forward from wheezy to jessie. Started with the unfixed that has been fixed in wheezy (not marked as no-dsa for others)
    • ipsec-tools added to dla-needed.txt. CVE-2016-10396 fixed in wheezy.
    • dokuwiki added to dla-needed.txt.¬†CVE-2017-18123 fixed in wheezy.
    • Added quite a few notes to other entries to tell what has been fixed in wheezy and what has not.
    • Triaged simplesamlphp. Added to dla-needed.txt.
      • CVE-2017-12868 fixed in wheezy but according to the description jessie is not affected as it requires an earlier php version.
      • CVE-2017-12872 fixed in wheezy and sounds important enough to fix.
    • Triaged slurm-llnl. Added to dla-needed.txt.
      • CVE-2018-7033 fixed in wheezy and looks important enough to fix.
    • Triaged zendframework. Added to dla-needed.txt.
      • CVE-2016-4861 fixed in wheezy and looks important enough to fix.