(E)LTS report for April 2024

To: debian-lts@lists.debian.org
Subject: (E)LTS report for April 2024
From: Adrian Bunk <bunk@debian.org>
Date: Fri, 10 May 2024 23:59:58 +0300
Message-id: <[🔎] Zj6KzkEW2RuI9c7I@localhost>

LTS:

glibc:
- First part of work released as DLA-3807-1 in May.

gtkwave:
- DLA-3785-1 and DSA-5653-1 were released in April,
  but the actual work was done and submitted for review in March.

pillow:
- Determined that CVE-2021-25291 does not affect buster.
- Released DLA-3786-1, fixing CVE-2024-28219.

ruby-rack:
- Released DLA-3800-1, fixing CVE-2024-25126, CVE-2024-26141
  and CVE-2024-26146.
- These fixes were also uploaded to unstables and submitted
  for bullseye and bookworm.

trafficserver:
- Released DLA-3799-1, fixing CVE-2024-31309.

zabbix:
- Determined that CVE-2022-40626 does not affect <= bullseye
- Released DLA-3798-1, fixing CVE-2024-22119.

xorg-server:
- Released DLA-3787-1, fixing CVE-2024-31080, CVE-2024-31081
  and CVE-2024-31083.


ELTS:

glibc:
- First part of work released as ELA-1087-1 in May for
  jessie and stretch

openexr:
- Determined that CVE-2024-31047 does not affect the binary
  packages in stretch or buster.

pillow:
- Released ELA-1079-1, fixing CVE-2024-28219 in jessie and stretch.

ruby-rack:
- Determined that CVE-2024-25126 does not affect jessie or stretch.
- Released ELA-1081-1, fixing CVE-2024-26141 and CVE-2024-26146
  in stretch.

zabbix:
- Determined that CVE-2024-22119 (sole remaining not ignored CVE)
  does not affect jessie or stretch.

xorg-server:
- Released ELA-1072-1, fixing CVE-2024-31080, CVE-2024-31081
  and CVE-2024-31083 in jessie and stretch.

Reply to:

Prev by Date: Fixing glib2.0 CVE-2024-34397 in buster
Next by Date: Re: Fixing glib2.0 CVE-2024-34397 in buster
Previous by thread: (E)LTS report for April 2024
Next by thread: Debian (E)LTS report for April 2024
Index(es):
- Date
- Thread