During the month of January 2023 and on behalf of Freexian, I worked on the following: * DLA-3270-1: net-snmp 5.7.3+dfsg-5+deb10u4 CVE-2022-44793 and CVE-2022-44792 https://lists.debian.org/msgid-search/Y8Nreff/4mMS82wu@debian.org * DLA-3271-1: node-minimatch 3.0.4-3+deb10u1 CVE-2022-3517 https://lists.debian.org/msgid-search/Y8Qa+Jo13podbvKy@debian.org * DLA-3284-1: libapache-session-ldap-perl 0.4-1+deb10u1 CVE-2020-36658 (filed that one and triaged it as it was needed for LemonLDAP::NG in some configurations for its CVE-2020-16093 fix) https://lists.debian.org/msgid-search/Y9UQAZ+IpZomjVEJ@debian.org * DLA-3285-1: libapache-session-browseable-perl 1.3.0-1+deb10u1 CVE-2020-36659 (filed that one and triaged it as it was needed for LemonLDAP::NG in some configurations for its CVE-2020-16093 fix) https://lists.debian.org/msgid-search/Y9UQF5Z4NlvkRWyo@debian.org * DLA-3287-1: lemonldap-ng 2.0.2+ds-7+deb10u8 CVE-2020-16093 and CVE-2022-37186 https://lists.debian.org/msgid-search/Y9VBknECLVeWFl3E@debian.org * DLA-3289-1: dojo 1.14.2+dfsg1-1+deb10u3 CVE-2020-4051 and CVE-2021-23450 https://lists.debian.org/msgid-search/Y9ZMomJAkSfQWW/0@debian.org * DLA-3291-1: node-object-path 0.11.4-2+deb10u2 CVE-2021-23434 and CVE-2021-3805 https://lists.debian.org/msgid-search/Y9acO2alBhU2MPBy@debian.org * DLA-3299-1: node-qs 6.5.2-1+deb10u1 CVE-2022-24999 https://lists.debian.org/msgid-search/Y9g+J/xMu6qW4LIi@debian.org Thanks to the sponsors for financing this work, and to Freexian for coordinating! -- Guilhem.
Attachment:
signature.asc
Description: PGP signature