During the month of January 2023 and on behalf of Freexian, I worked on the
following:
* DLA-3270-1: net-snmp 5.7.3+dfsg-5+deb10u4
CVE-2022-44793 and CVE-2022-44792
https://lists.debian.org/msgid-search/Y8Nreff/4mMS82wu@debian.org
* DLA-3271-1: node-minimatch 3.0.4-3+deb10u1
CVE-2022-3517
https://lists.debian.org/msgid-search/Y8Qa+Jo13podbvKy@debian.org
* DLA-3284-1: libapache-session-ldap-perl 0.4-1+deb10u1
CVE-2020-36658 (filed that one and triaged it as it was needed for
LemonLDAP::NG in some configurations for its CVE-2020-16093 fix)
https://lists.debian.org/msgid-search/Y9UQAZ+IpZomjVEJ@debian.org
* DLA-3285-1: libapache-session-browseable-perl 1.3.0-1+deb10u1
CVE-2020-36659 (filed that one and triaged it as it was needed for
LemonLDAP::NG in some configurations for its CVE-2020-16093 fix)
https://lists.debian.org/msgid-search/Y9UQF5Z4NlvkRWyo@debian.org
* DLA-3287-1: lemonldap-ng 2.0.2+ds-7+deb10u8
CVE-2020-16093 and CVE-2022-37186
https://lists.debian.org/msgid-search/Y9VBknECLVeWFl3E@debian.org
* DLA-3289-1: dojo 1.14.2+dfsg1-1+deb10u3
CVE-2020-4051 and CVE-2021-23450
https://lists.debian.org/msgid-search/Y9ZMomJAkSfQWW/0@debian.org
* DLA-3291-1: node-object-path 0.11.4-2+deb10u2
CVE-2021-23434 and CVE-2021-3805
https://lists.debian.org/msgid-search/Y9acO2alBhU2MPBy@debian.org
* DLA-3299-1: node-qs 6.5.2-1+deb10u1
CVE-2022-24999
https://lists.debian.org/msgid-search/Y9g+J/xMu6qW4LIi@debian.org
Thanks to the sponsors for financing this work, and to Freexian for
coordinating!
--
Guilhem.
Attachment:
signature.asc
Description: PGP signature