Debian Long Term Support work 2023 October

  • Added a note to borgbackup.
  • Marked a number of CVEs as no-dsa following bullseye decision for the following packages: glibc, hoteldruid, lemonldap-ng. Did not do it for mediawiki since it was a postpone and the data was not easy to get.
  • Similarly no-dsa for gcc-7 and gcc-8 following decision for bullseye for later gcc versions.
  • Marked postgresql-11 CVE-2023-39417 as no-dsa instead of postponed since it is a minor issue. It may be fixed later but there is no necessity of it.
  • Marked golang-1.11 CVEs as no-dsa following decision for bullseye for later go version.
  • Marked golang-golang-x-image CVEs as no-dsa for buster since it is a DoS vulnerability, rather minor and the package has limited support.