Hello everybody, The last month of March, I spent 10 paid hours by Freexian on LTS, mainly on this: * squid3: After the problems found backporting the patch for CVE-2016-2569 to squeeze, I have investigated further on this bug, and I found a new DoS that has been fixed by upstream in 3.5.16. Unfortunately, the fix requires substantial changes on squid3 and this issue remains open in wheezy and jessie, for the moment. * librsvg: I have prepared packages that fix CVE-2015-7557 for wheezy and jessie. These are part of the recent point releases. * debian-security-support: I worked on check-support-status to make it warn the users not only when installed packages are already no longer supported, but when an EOL is coming. The package uploaded to sid closes #818843 and #819493, and I am currently working to unify the package for the different debian releases and close #762594. Thanks to all Debian LTS users to make this project possible, Santiago
Attachment:
signature.asc
Description: PGP signature