(E)LTS and Debian report for October 2022
I am funded by Freexian SARL and thus reporting about my work in
I issued DLA-3133-1 for lighttpd fixing a denial of service
vulnerability in buster.
I issued DLA-3152-1 for glibc fixing 14 CVEs in buster and triaged a few
more. Thus far one regression has surfaced. Partial upgrades can break
I issued ELA-697-1 for libraw fixing 7 CVE in stretch and rechecked all
CVEs due to prior misclassification.
I prepared an update of glibc in jessie and stretch and called for
testing the update. Packages available at:
https://subdivi.de/~helmut/glibc_elts/ Further changes pending.
I continued maintaining rebootstrap. As part of this, I've sent patches
to various packages (bash, gcc, libunistring, systemd). While the
majority is fixing regressions, I also made some progress on hurd and
musl this month.
I attended the CTTE monthly meeting.
I sent patches for 38 cross build failures. A significant fraction of
this is inside the qt6 ecosystem.