Bug #744
Updated by Pierre-Louis Bonicoli over 1 year ago
From a security status mail received today:
<pre>
Security report based on the bullseye release
*** Available security updates
CVE-2021-25219 In BIND 9.3.0 -> 9.11.35, 9.12.0 -> 9.16.21,...
<https://security-tracker.debian.org/tracker/CVE-2021-25219>
- libdns-export1104, libisc-export1100
</pre>
<pre>
root@orthos:~# apt policy libdns-export1104
libdns-export1104:
Installed: 1:9.11.5.P4+dfsg-5.1+deb10u3
Candidate: 1:9.11.5.P4+dfsg-5.1+deb10u3
Version table:
*** 1:9.11.5.P4+dfsg-5.1+deb10u3 100
100 /var/lib/dpkg/status
</pre>
According to the [Debian security tracker](https://security-tracker.debian.org/tracker/CVE-2021-25219) @1:9.11.5.P4+dfsg-5.1+deb10u5@ is vulnerable. This package is buster only and should be removed.
I will remove every buster only (thanks to @apt-forktracer@).
* ✅ Elwing
* ❔ Jinta (libgcc1 gcc-8-base e2fslibs libcomerr2 multiarch-support linux-image-4.19.0-18-amd64)
* ✅ Nicecity (libffi6 libnettle6 libgcc1 libapt-pkg5.0 libip4tc0 gcc-8-base libmpx2 e2fslibs libcomerr2 libreadline7 libapt-inst2.0 linux-headers-4.19.0-5-common cpp-8 libip6tc0 multiarch-support linux-image-4.19.0-18-amd64 libisl19 libhogweed4 linux-kbuild-4.19)
* ✅ Orfeo (libgcc1 libgupnp-1.0-4 gcc-8-base e2fslibs libcomerr2 libreadline5 libgssdp-1.0-3 el-get linux-image-4.19.0-18-amd64)
* ✅ Orthos (libapt-pkg5.0 libnettle6 libffi6 libprocps7 libjson-c3 libapt-inst2.0 gcc-8-base libip4tc0 libip6tc0 libhogweed4 perl-modules-5.28 libisc-export1100 libdns-export1104 linux-image-4.19.0-14-amd64
* ✅ Thorfinn (libgcc1 libtexlua52 gcc-8-base e2fslibs libcomerr2 libbtparse1 el-get multiarch-support linux-image-4.19.0-18-amd64)
* ✅ Toushirou (libgdbm3 libisc-export160 libhogweed4 echoping linux-image-4.19.0-18-amd64 multiarch-support libip6tc0 libprocps6 libapt-inst2.0 libreadline7 libcomerr2 e2fslibs gcc-8-base libip4tc0 liblogging-stdlog0 linux-image-4.9.0-6-amd64 ttf-dejavu-core libapt-pkg5.0 libgcc1 libunistring0 libnettle6 libffi6 libcryptsetup4)
There are some packages not upgraded to bullseyes:
* molly-guard: ✅ @0.7.2.0@ is now used instead of @0.7.2.0~buster@ on every host
* rspamd: this package is upgraded manually, the upgrade requires to perform some manual checks
There are some used packages without any bullseyes version:
* incron: ❔
@Duck on Jinta, could these packages be removed:
* "dict-freedict-all":https://packages.debian.org/stretch/dict-freedict-all It looks like there isn't a dict meta package anymore ? Should we update a playbook in order to ensure all other dict packages are installed ?
* dict-moby-thesaurus, dict-bouvier, dict-gazetteer2k
<pre>
Security report based on the bullseye release
*** Available security updates
CVE-2021-25219 In BIND 9.3.0 -> 9.11.35, 9.12.0 -> 9.16.21,...
<https://security-tracker.debian.org/tracker/CVE-2021-25219>
- libdns-export1104, libisc-export1100
</pre>
<pre>
root@orthos:~# apt policy libdns-export1104
libdns-export1104:
Installed: 1:9.11.5.P4+dfsg-5.1+deb10u3
Candidate: 1:9.11.5.P4+dfsg-5.1+deb10u3
Version table:
*** 1:9.11.5.P4+dfsg-5.1+deb10u3 100
100 /var/lib/dpkg/status
</pre>
According to the [Debian security tracker](https://security-tracker.debian.org/tracker/CVE-2021-25219) @1:9.11.5.P4+dfsg-5.1+deb10u5@ is vulnerable. This package is buster only and should be removed.
I will remove every buster only (thanks to @apt-forktracer@).
* ✅ Elwing
* ❔ Jinta (libgcc1 gcc-8-base e2fslibs libcomerr2 multiarch-support linux-image-4.19.0-18-amd64)
* ✅ Nicecity (libffi6 libnettle6 libgcc1 libapt-pkg5.0 libip4tc0 gcc-8-base libmpx2 e2fslibs libcomerr2 libreadline7 libapt-inst2.0 linux-headers-4.19.0-5-common cpp-8 libip6tc0 multiarch-support linux-image-4.19.0-18-amd64 libisl19 libhogweed4 linux-kbuild-4.19)
* ✅ Orfeo (libgcc1 libgupnp-1.0-4 gcc-8-base e2fslibs libcomerr2 libreadline5 libgssdp-1.0-3 el-get linux-image-4.19.0-18-amd64)
* ✅ Orthos (libapt-pkg5.0 libnettle6 libffi6 libprocps7 libjson-c3 libapt-inst2.0 gcc-8-base libip4tc0 libip6tc0 libhogweed4 perl-modules-5.28 libisc-export1100 libdns-export1104 linux-image-4.19.0-14-amd64
* ✅ Thorfinn (libgcc1 libtexlua52 gcc-8-base e2fslibs libcomerr2 libbtparse1 el-get multiarch-support linux-image-4.19.0-18-amd64)
* ✅ Toushirou (libgdbm3 libisc-export160 libhogweed4 echoping linux-image-4.19.0-18-amd64 multiarch-support libip6tc0 libprocps6 libapt-inst2.0 libreadline7 libcomerr2 e2fslibs gcc-8-base libip4tc0 liblogging-stdlog0 linux-image-4.9.0-6-amd64 ttf-dejavu-core libapt-pkg5.0 libgcc1 libunistring0 libnettle6 libffi6 libcryptsetup4)
There are some packages not upgraded to bullseyes:
* molly-guard: ✅ @0.7.2.0@ is now used instead of @0.7.2.0~buster@ on every host
* rspamd: this package is upgraded manually, the upgrade requires to perform some manual checks
There are some used packages without any bullseyes version:
* incron: ❔
@Duck on Jinta, could these packages be removed:
* "dict-freedict-all":https://packages.debian.org/stretch/dict-freedict-all It looks like there isn't a dict meta package anymore ? Should we update a playbook in order to ensure all other dict packages are installed ?
* dict-moby-thesaurus, dict-bouvier, dict-gazetteer2k