
(E)LTS report for November 2022


In November 2022, on behalf of Freexian and through my company velocitux
UG, I have worked on the following LTS tasks:

DLA-3180-1: python-scciclient security update

Fixed CVE-2022-2996 for missing TLS certificate verification. Also,
helped to prepare the patch for stable-security.

DLA-3186-1: exiv2 security update

Fixed several buffer overflows when handling image meta-data. The
update was a bit difficult due to the very big difference in supported
image formats between LTS and unstable.

DLA-3192-1: lava security update

Fixed CVE-2022-42902 for a remote code execution bug.

DLA-3195-1: jupyter-core security update

Fixed CVE-2022-39286 for a potential arbitrary code execution bug
when loading configuration files from the current directory.

DLA-3193-1: joblib security update

Fixed CVE-2022-21797 for an arbitrary code execution bug.

DLA-3212-1: twisted security update

Fixed CVE-2022-39348 for a potential HTML injection through a crafted
HTTP Host header when using twisted's virtual host feature.

