Project

General

Profile

Actions
Copy link

Bug #744

closed

Remove obsolete Buster packages

Added by Pierre-Louis Bonicoli over 3 years ago. Updated almost 2 years ago.

Status:
Resolved
Priority:
Normal
Assignee:
Pierre-Louis Bonicoli
Category:
System :: Base
Start date:
2021-11-24
Due date:
% Done:

100%

Estimated time:
Patch Available:
Confirmed:
Yes
Branch:
Entity:
DuckCorp
Security:
Help Needed:
No

Description

From a security status mail received today:

Security report based on the bullseye release

*** Available security updates

CVE-2021-25219 In BIND 9.3.0 -> 9.11.35, 9.12.0 -> 9.16.21,...
  <https://security-tracker.debian.org/tracker/CVE-2021-25219>
  - libdns-export1104, libisc-export1100


root@orthos:~# apt policy libdns-export1104
libdns-export1104:
  Installed: 1:9.11.5.P4+dfsg-5.1+deb10u3
  Candidate: 1:9.11.5.P4+dfsg-5.1+deb10u3
  Version table:
 *** 1:9.11.5.P4+dfsg-5.1+deb10u3 100
        100 /var/lib/dpkg/status

According to the [Debian security tracker](https://security-tracker.debian.org/tracker/CVE-2021-25219) 1:9.11.5.P4+dfsg-5.1+deb10u5 is vulnerable. This package is buster only and should be removed.

I will remove every buster only (thanks to apt-forktracer).
  • ✅ Elwing
  • ❔ Jinta (libgcc1 gcc-8-base e2fslibs libcomerr2 multiarch-support linux-image-4.19.0-18-amd64)
  • ✅ Nicecity (libffi6 libnettle6 libgcc1 libapt-pkg5.0 libip4tc0 gcc-8-base libmpx2 e2fslibs libcomerr2 libreadline7 libapt-inst2.0 linux-headers-4.19.0-5-common cpp-8 libip6tc0 multiarch-support linux-image-4.19.0-18-amd64 libisl19 libhogweed4 linux-kbuild-4.19)
  • ✅ Orfeo (libgcc1 libgupnp-1.0-4 gcc-8-base e2fslibs libcomerr2 libreadline5 libgssdp-1.0-3 el-get linux-image-4.19.0-18-amd64)
  • ✅ Orthos (libapt-pkg5.0 libnettle6 libffi6 libprocps7 libjson-c3 libapt-inst2.0 gcc-8-base libip4tc0 libip6tc0 libhogweed4 perl-modules-5.28 libisc-export1100 libdns-export1104 linux-image-4.19.0-14-amd64
  • ✅ Thorfinn (libgcc1 libtexlua52 gcc-8-base e2fslibs libcomerr2 libbtparse1 el-get multiarch-support linux-image-4.19.0-18-amd64)
  • ✅ Toushirou (libgdbm3 libisc-export160 libhogweed4 echoping linux-image-4.19.0-18-amd64 multiarch-support libip6tc0 libprocps6 libapt-inst2.0 libreadline7 libcomerr2 e2fslibs gcc-8-base libip4tc0 liblogging-stdlog0 linux-image-4.9.0-6-amd64 ttf-dejavu-core libapt-pkg5.0 libgcc1 libunistring0 libnettle6 libffi6 libcryptsetup4)
There are some packages not upgraded to bullseyes:
  • molly-guard: ✅ 0.7.2.0 is now used instead of 0.7.2.0~buster on every host
  • rspamd: this package is upgraded manually, the upgrade requires to perform some manual checks
There are some used packages without any bullseyes version:
  • incron: ❔
@Marc Dequènes on Jinta, could these packages be removed:
  • dict-freedict-all It looks like there isn't a dict meta package anymore ? Should we update a playbook in order to ensure all other dict packages are installed ?
  • dict-moby-thesaurus, dict-bouvier, dict-gazetteer2k
Actions
Copy link
 #1

Updated by Pierre-Louis Bonicoli over 3 years ago

  • Description updated (diff)
  • Status changed from New to In Progress
Actions
Copy link
 #2

Updated by Pierre-Louis Bonicoli over 3 years ago

  • Description updated (diff)
Actions
Copy link
 #3

Updated by Pierre-Louis Bonicoli over 3 years ago

  • Description updated (diff)
Actions
Copy link
 #4

Updated by Pierre-Louis Bonicoli over 3 years ago

  • Description updated (diff)
Actions
Copy link
 #5

Updated by Pierre-Louis Bonicoli over 3 years ago

  • Description updated (diff)
Actions
Copy link
 #6

Updated by Pierre-Louis Bonicoli over 3 years ago

  • Description updated (diff)
  • Status changed from In Progress to Rejected
Actions
Copy link
 #7

Updated by Pierre-Louis Bonicoli over 3 years ago

  • Description updated (diff)
  • Status changed from Rejected to In Progress
Actions
Copy link
 #8

Updated by Pierre-Louis Bonicoli over 3 years ago

  • Description updated (diff)
Actions
Copy link
 #9

Updated by Pierre-Louis Bonicoli over 3 years ago

  • Description updated (diff)
Actions
Copy link
 #10

Updated by Pierre-Louis Bonicoli over 3 years ago

  • Description updated (diff)
Actions
Copy link
 #11

Updated by Pierre-Louis Bonicoli over 3 years ago

  • Description updated (diff)
Actions
Copy link
 #12

Updated by Marc Dequènes almost 3 years ago

Quack,

I upgraded rspamd to bullseye but forgot to update this ticket.

incron is only used for handling package uploads in our Debian repository. I'm fine with replacing it but I have no idea what alternatives are out there.

As for dict-freedict-all it was removed, let's list deps we use most as you suggested. I'm fine with removing the other packages as they are most surely unmaintained upstream anyway.

Actions
Copy link
 #13

Updated by Marc Dequènes almost 2 years ago

  • Status changed from In Progress to Resolved
  • % Done changed from 0 to 100

Ok, all done. Also did the same for Bookworm.

Actions
Copy link

Also available in: Atom PDF