Bug #744
Remove obsolete Buster packages
Start date:
2021-11-24
Due date:
% Done:
0%
Estimated time:
Patch Available:
Confirmed:
Yes
Branch:
Entity:
DuckCorp
Security:
Help Needed:
No
Description
From a security status mail received today:
Security report based on the bullseye release *** Available security updates CVE-2021-25219 In BIND 9.3.0 -> 9.11.35, 9.12.0 -> 9.16.21,... <https://security-tracker.debian.org/tracker/CVE-2021-25219> - libdns-export1104, libisc-export1100
root@orthos:~# apt policy libdns-export1104 libdns-export1104: Installed: 1:9.11.5.P4+dfsg-5.1+deb10u3 Candidate: 1:9.11.5.P4+dfsg-5.1+deb10u3 Version table: *** 1:9.11.5.P4+dfsg-5.1+deb10u3 100 100 /var/lib/dpkg/status
According to the [Debian security tracker](https://security-tracker.debian.org/tracker/CVE-2021-25219) 1:9.11.5.P4+dfsg-5.1+deb10u5
is vulnerable. This package is buster only and should be removed.
apt-forktracer
).
- ✅ Elwing
- ❔ Jinta (libgcc1 gcc-8-base e2fslibs libcomerr2 multiarch-support linux-image-4.19.0-18-amd64)
- ✅ Nicecity (libffi6 libnettle6 libgcc1 libapt-pkg5.0 libip4tc0 gcc-8-base libmpx2 e2fslibs libcomerr2 libreadline7 libapt-inst2.0 linux-headers-4.19.0-5-common cpp-8 libip6tc0 multiarch-support linux-image-4.19.0-18-amd64 libisl19 libhogweed4 linux-kbuild-4.19)
- ✅ Orfeo (libgcc1 libgupnp-1.0-4 gcc-8-base e2fslibs libcomerr2 libreadline5 libgssdp-1.0-3 el-get linux-image-4.19.0-18-amd64)
- ✅ Orthos (libapt-pkg5.0 libnettle6 libffi6 libprocps7 libjson-c3 libapt-inst2.0 gcc-8-base libip4tc0 libip6tc0 libhogweed4 perl-modules-5.28 libisc-export1100 libdns-export1104 linux-image-4.19.0-14-amd64
- ✅ Thorfinn (libgcc1 libtexlua52 gcc-8-base e2fslibs libcomerr2 libbtparse1 el-get multiarch-support linux-image-4.19.0-18-amd64)
- ✅ Toushirou (libgdbm3 libisc-export160 libhogweed4 echoping linux-image-4.19.0-18-amd64 multiarch-support libip6tc0 libprocps6 libapt-inst2.0 libreadline7 libcomerr2 e2fslibs gcc-8-base libip4tc0 liblogging-stdlog0 linux-image-4.9.0-6-amd64 ttf-dejavu-core libapt-pkg5.0 libgcc1 libunistring0 libnettle6 libffi6 libcryptsetup4)
- molly-guard: ✅
0.7.2.0
is now used instead of0.7.2.0~buster
on every host - rspamd: this package is upgraded manually, the upgrade requires to perform some manual checks
- incron: ❔
- dict-freedict-all It looks like there isn't a dict meta package anymore ? Should we update a playbook in order to ensure all other dict packages are installed ?
- dict-moby-thesaurus, dict-bouvier, dict-gazetteer2k
History
Updated by Pierre-Louis Bonicoli over 1 year ago
- Description updated (diff)
- Status changed from New to In Progress
Updated by Pierre-Louis Bonicoli over 1 year ago
- Description updated (diff)
- Status changed from In Progress to Rejected
Updated by Pierre-Louis Bonicoli over 1 year ago
- Description updated (diff)
- Status changed from Rejected to In Progress
Updated by Marc Dequènes 9 months ago
Quack,
I upgraded rspamd to bullseye but forgot to update this ticket.
incron is only used for handling package uploads in our Debian repository. I'm fine with replacing it but I have no idea what alternatives are out there.
As for dict-freedict-all it was removed, let's list deps we use most as you suggested. I'm fine with removing the other packages as they are most surely unmaintained upstream anyway.