Univention Bugzilla – Full Text Bug Listing
Summary: | python-reportlab: Multiple issues (4.4) | ||
---|---|---|---|
Product: | UCS | Reporter: | Quality Assurance <qa> |
Component: | Security updates | Assignee: | Quality Assurance <qa> |
Status: | CLOSED FIXED | QA Contact: | Philipp Hahn <hahn> |
Severity: | normal | ||
Priority: | P3 | CC: | hahn |
Version: | UCS 4.4 | ||
Target Milestone: | UCS 4.4-9-errata | ||
Hardware: | All | ||
OS: | Linux | ||
See Also: | https://forge.univention.org/bugzilla/show_bug.cgi?id=39239 | ||
What kind of report is it?: | Security Issue | What type of bug is this?: | --- |
Max CVSS v3 score: | 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) |
Description
Quality Assurance
2023-10-23 07:51:29 CEST
--- mirror/ftp/4.4/unmaintained/4.4-5/source/python-reportlab_3.3.0-2+deb9u1.dsc +++ apt/ucs_4.4-0-errata4.4-9/source/python-reportlab_3.3.0-2+deb9u2.dsc @@ -1,3 +1,10 @@ +3.3.0-2+deb9u2 [Wed, 11 Oct 2023 20:30:15 +0100] Sean Whitton <spwhitton@spwhitton.name>: + + * Non-maintainer upload by the ELTS Security Team. + * Add ignore-missing-hyphen.mashed.patch to fix the build. + * Backport upstream fix for CVE-2019-19450. + * Backport upstream fix for CVE-2020-28463. + 3.3.0-2+deb9u1 [Fri, 24 Apr 2020 23:58:32 +0200] Salvatore Bonaccorso <carnil@debian.org>: * Non-maintainer upload by the Security Team. <http://piuparts.knut.univention.de/4.4-9/#2798368199129274841> New dependency: libart-lgpl --- mirror/ftp/4.4/unmaintained/4.4-5/source/python-reportlab_3.3.0-2+deb9u1.dsc +++ apt/ucs_4.4-0-errata4.4-9/source/python-reportlab_3.3.0-2+deb9u2.dsc 
@@ -1,3 +1,10 @@ +3.3.0-2+deb9u2 [Wed, 11 Oct 2023 20:30:15 +0100] Sean Whitton <spwhitton@spwhitton.name>: + + * Non-maintainer upload by the ELTS Security Team. + * Add ignore-missing-hyphen.mashed.patch to fix the build. + * Backport upstream fix for CVE-2019-19450. + * Backport upstream fix for CVE-2020-28463. + 3.3.0-2+deb9u1 [Fri, 24 Apr 2020 23:58:32 +0200] Salvatore Bonaccorso <carnil@debian.org>: * Non-maintainer upload by the Security Team.
<http://piuparts.knut.univention.de/4.4-9/#5307977833535627520>

"libart-lgpl" is only found in 3.0-0, 4.0-0 and 5.0-[0-5], but not 4.0-1…4.4-9: <https://univention-dist-binpkg-webgui.k8s.knut.univention.de/source/libart-lgpl/>

But the package is only in *un*maintained: it never got included in any "dists/**/Packages" as that is only used for installation, which depends only on the maintained set.
But it is used by "piuparts" as it requires a single APT source.
This is okay as only maintained *source* packages are checked for errata.
A regular UCS installation never uses the "dists/**/Packages", but the "4.?/maintained/4.?-?/$arch/Packages" files.
But bin:"python-renderpm" is from src:"python-reportlab" but *un*maintained; only bin:"python-reportlab" is maintained:
python-univention-directory-reports --dep--> python-trml2pdf --dep--> python-reportlab --rec--> python-renderpm --dep--> libart-2.0-2

No-one ever bothered to make src:"python-reportlab" itself maintained, so "libart-lgpl" remains unmaintained and piuparts fails:
- bin:"python-renderpm" is unmaintained
- bin:"python-renderpm" depends on src:"libart-lgpl", which is also unmaintained
- dists/**/Packages only contains maintained packages

$ cd apt/
$ grep-dctrl -l -s Filename --whole-pkg -S libart-lgpl ucs_4.?-0{,-{ucs,errata}4.?-?}/{,dists/*/main/binary-}amd64/Packages
ucs_4.0-0/amd64/Packages
ucs_4.0-0/dists/ucs400/main/binary-amd64/Packages
ucs_4.1-0/dists/ucs410/main/binary-amd64/Packages
ucs_4.2-0/dists/ucs420/main/binary-amd64/Packages
ucs_4.3-0/dists/ucs430/main/binary-amd64/Packages
ucs_4.4-0/dists/ucs440/main/binary-amd64/Packages
ucs_4.0-0-ucs4.0-1/dists/ucs401/main/binary-amd64/Packages
ucs_4.0-0-ucs4.0-2/dists/ucs402/main/binary-amd64/Packages
ucs_4.0-0-ucs4.0-3/dists/ucs403/main/binary-amd64/Packages
ucs_4.0-0-ucs4.0-4/dists/ucs404/main/binary-amd64/Packages
ucs_4.0-0-ucs4.0-5/dists/ucs405/main/binary-amd64/Packages
ucs_4.1-0-ucs4.1-1/dists/ucs411/main/binary-amd64/Packages
ucs_4.1-0-ucs4.1-2/dists/ucs412/main/binary-amd64/Packages
ucs_4.1-0-ucs4.1-3/dists/ucs413/main/binary-amd64/Packages
ucs_4.1-0-ucs4.1-4/dists/ucs414/main/binary-amd64/Packages
ucs_4.1-0-ucs4.1-5/dists/ucs415/main/binary-amd64/Packages
ucs_4.2-0-ucs4.2-1/dists/ucs421/main/binary-amd64/Packages
ucs_4.2-0-ucs4.2-2/dists/ucs422/main/binary-amd64/Packages
ucs_4.2-0-ucs4.2-3/dists/ucs423/main/binary-amd64/Packages
ucs_4.2-0-ucs4.2-4/dists/ucs424/main/binary-amd64/Packages
ucs_4.2-0-ucs4.2-5/dists/ucs425/main/binary-amd64/Packages
ucs_4.3-0-ucs4.3-1/dists/ucs431/main/binary-amd64/Packages
ucs_4.3-0-ucs4.3-2/dists/ucs432/main/binary-amd64/Packages
ucs_4.3-0-ucs4.3-3/dists/ucs433/main/binary-amd64/Packages
ucs_4.3-0-ucs4.3-4/dists/ucs434/main/binary-amd64/Packages
ucs_4.3-0-ucs4.3-5/dists/ucs435/main/binary-amd64/Packages
ucs_4.4-0-ucs4.4-1/dists/ucs441/main/binary-amd64/Packages
ucs_4.4-0-ucs4.4-2/dists/ucs442/main/binary-amd64/Packages
ucs_4.4-0-ucs4.4-3/dists/ucs443/main/binary-amd64/Packages
ucs_4.4-0-ucs4.4-4/dists/ucs444/main/binary-amd64/Packages
ucs_4.4-0-ucs4.4-5/dists/ucs445/main/binary-amd64/Packages
ucs_4.4-0-ucs4.4-6/dists/ucs446/main/binary-amd64/Packages
ucs_4.4-0-ucs4.4-7/dists/ucs447/main/binary-amd64/Packages
ucs_4.4-0-ucs4.4-8/dists/ucs448/main/binary-amd64/Packages
ucs_4.4-0-ucs4.4-9/dists/ucs449/main/binary-amd64/Packages
ucs_4.4-0-errata4.4-9/amd64/Packages
ucs_4.0-0-errata4.0-0/dists/ucs400/main/binary-amd64/Packages
ucs_4.0-0-errata4.0-1/dists/ucs401/main/binary-amd64/Packages
ucs_4.0-0-errata4.0-2/dists/ucs402/main/binary-amd64/Packages
ucs_4.0-0-errata4.0-3/dists/ucs403/main/binary-amd64/Packages
ucs_4.0-0-errata4.0-4/dists/ucs404/main/binary-amd64/Packages
ucs_4.0-0-errata4.0-5/dists/ucs405/main/binary-amd64/Packages
ucs_4.1-0-errata4.1-0/dists/ucs410/main/binary-amd64/Packages
ucs_4.1-0-errata4.1-1/dists/ucs411/main/binary-amd64/Packages
ucs_4.1-0-errata4.1-2/dists/ucs412/main/binary-amd64/Packages
ucs_4.1-0-errata4.1-3/dists/ucs413/main/binary-amd64/Packages
ucs_4.1-0-errata4.1-4/dists/ucs414/main/binary-amd64/Packages
ucs_4.2-0-errata4.2-0/dists/ucs420/main/binary-amd64/Packages
ucs_4.2-0-errata4.2-1/dists/ucs421/main/binary-amd64/Packages
ucs_4.2-0-errata4.2-2/dists/ucs422/main/binary-amd64/Packages
ucs_4.2-0-errata4.2-3/dists/ucs423/main/binary-amd64/Packages
ucs_4.2-0-errata4.2-5/dists/ucs425/main/binary-amd64/Packages
ucs_4.3-0-errata4.3-0/dists/ucs430/main/binary-amd64/Packages
ucs_4.3-0-errata4.3-1/dists/ucs431/main/binary-amd64/Packages
ucs_4.3-0-errata4.3-2/dists/ucs432/main/binary-amd64/Packages
ucs_4.3-0-errata4.3-3/dists/ucs433/main/binary-amd64/Packages
ucs_4.3-0-errata4.3-4/dists/ucs434/main/binary-amd64/Packages
ucs_4.3-0-errata4.3-5/dists/ucs435/main/binary-amd64/Packages
ucs_4.4-0-errata4.4-0/dists/ucs440/main/binary-amd64/Packages
ucs_4.4-0-errata4.4-1/dists/ucs441/main/binary-amd64/Packages
ucs_4.4-0-errata4.4-2/dists/ucs442/main/binary-amd64/Packages
ucs_4.4-0-errata4.4-3/dists/ucs443/main/binary-amd64/Packages
ucs_4.4-0-errata4.4-4/dists/ucs444/main/binary-amd64/Packages
ucs_4.4-0-errata4.4-5/dists/ucs445/main/binary-amd64/Packages
ucs_4.4-0-errata4.4-6/dists/ucs446/main/binary-amd64/Packages
ucs_4.4-0-errata4.4-7/dists/ucs447/main/binary-amd64/Packages
ucs_4.4-0-errata4.4-8/dists/ucs448/main/binary-amd64/Packages
ucs_4.4-0-errata4.4-9/dists/ucs449/main/binary-amd64/Packages
$ cd mirror/ftp/
$ grep-dctrl -l -s Filename --whole-pkg -S libart-lgpl 4.?/{,un}maintained/4.?-?/amd64/Packages
4.0/unmaintained/4.0-0/amd64/Packages

OK: bug
OK: yaml
OK: announce_errata
OK: patch
~OK: piuparts
 bin:"python-renderpm" is unmaintained and requires the unmaintained src:"libart-lgpl"

[4.4-9] da20005a3b Bug #56760: python-reportlab 3.3.0-2+deb9u2
 doc/errata/staging/python-reportlab.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

[4.4-9] c1a6dccb2c Bug #56760: python-reportlab 3.3.0-2+deb9u2
 doc/errata/staging/python-reportlab.yaml | 7 ++-----
 1 file changed, 2 insertions(+), 5 deletions(-)

[4.4-9] 2a79663fc9 Bug #56760: python-reportlab 3.3.0-2+deb9u2
 doc/errata/staging/python-reportlab.yaml | 17 +++++++++++++++++
 1 file changed, 17 insertions(+)
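
Review bot: the two "Backport upstream fix for CVE-…" lines in the new 3.3.0-2+deb9u2 changelog entry name the CVE but not the patch file that carries each backport, while the build-fix line just above them does name its patch (ignore-missing-hyphen.mashed.patch). Naming the patch file on each CVE line would let an errata reviewer match CVE-2019-19450 and CVE-2020-28463 to a file in the source package, and the build-fix line could say which build failure it addresses. This applies to both copies of the hunk quoted in this bug.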