Debian LTS and ELTS - December 2020

To: Debian LTS <debian-lts@lists.debian.org>
Subject: Debian LTS and ELTS - December 2020
From: Sylvain Beucler <beuc@beuc.net>
Date: Sat, 2 Jan 2021 19:02:26 +0100
Message-id: <[🔎] dc663702-8f5f-b57d-335a-f23617a1e9ed@beuc.net>

Here is my public monthly report.

Thanks to our sponsors for making this possible, and to Freexian forhandling the offering.

https://www.freexian.com/services/debian-lts.html#sponsors

LTS

- mongodb: prepare EOL
  https://lists.debian.org/debian-lts-announce/2020/12/msg00009.html
- sympa
  - request CVE-2020-29668
  - DLA 2499-1
    https://lists.debian.org/debian-lts-announce/2020/12/msg00026.html
  - coordinate and prepare DSA-4818, sync'ing 5 issues to buster
    https://www.debian.org/security/2020/dsa-4818
- awstats
  - request CVE-2020-29600 and CVE-2020-35176
  - DLA 2506-1
    https://lists.debian.org/debian-lts-announce/2020/12/msg00035.html
- xerces-c
  - DLA 2498-1, matching ELA-330-1
    https://lists.debian.org/debian-lts-announce/2020/12/msg00025.html
  - coordinate and prepare DSA-4814, matching DLA 2498-1
    https://www.debian.org/security/2020/dsa-4814
- imagemagick
  - more triage, clarify important issues with upstream and reporter
  - request CVE-2020-29599
    clarify different vectors in each Debian version
- Reactivity report: reference slowdowns due to upstreams
  https://salsa.debian.org/lts-team/lts-extra-tasks/-/issues/13

ELTS

- mongodb: ensure no open medium/critical vulnerability affects jessie
- xerces-c: ELA-330-1
  https://deb.freexian.com/extended-lts/updates/ela-330-1-xerces-c/
- imagemagick: common work with LTS, determine jessie-specific vector
- lxml: tidy triage
- p11-kit: finish triage, not vulnerable

--
Sylvain Beucler
Debian LTS Team

Reply to:

Next by Date: (E)LTS report for November 2020
Next by thread: (E)LTS report for November 2020
Index(es):
- Date
- Thread