
(E)LTS report for November 2022



Hi,

in November 2022, on behalf of Freexian and through my company velocitux
UG, I have worked on the following LTS tasks:

DLA-3180-1: python-scciclient security update
=============================================

Fixed CVE-2022-2996 for missing TLS certificate verification. Also,
helped to prepare the patch for stable-security.


DLA-3186-1: exiv2 security update
=================================

Fixed several buffer overflows when handling image meta-data. The
update was a bit difficult due to the very big difference in supported
image formats between LTS and unstable.


DLA-3192-1: lava security update
================================

Fixed CVE-2022-42902 for a remote code execution bug.


DLA-3195-1: jupyter-core security update
========================================

Fixed CVE-2022-39286 for a potential arbitrary code execution bug
when loading configuration files from the current directory.


DLA-3193-1: joblib security update
==================================

Fixed CVE-2022-21797 for an arbitrary code execution bug.


DLA-3212-1: twisted security update
===================================

Fixed CVE-2022-39348 for a potential HTML injection through a crafted
HTTP Host header when using twisted's virtual host feature.


Cheers,
Nik
