(E)LTS and Debian report for February 2023
Hi,
I am funded by Freexian SARL and thus reporting about my work in
February 2023.
(E)LTS
======
I promised an update of heimdal since December. We finally are there.
The thing that took us so long was CVE-2022-45142 and you can get the
details from https://www.openwall.com/lists/oss-security/2023/02/08/1.
The update has finally been released to all suites from jessie to
unstable. Much thanks to Salvatore Bonaccorso for his support through
all of this.
I also promised an update of sox. This was special, because rather than
porting fixes, I had to come up with them on my own. What I thought to
be a new vulnerability in my January report turned out to be an
integer overflow I happened to insert myself. Since this was
only very briefly in unstable (-3.1), there is no separate CVE. Yet,
these sox vulnerabilities are now fixed in all suites from jessie to
unstable.
Debian
======
* I filed 9 FTCBFS patches and helped include existing ones in the Qt6
stack.
* I worked with the CTTE (mostly recruiting and keeping up to date with
/usr-merge) and participated in the monthly meeting.
* I continued maintaining rebootstrap (e.g. loong64 and musl updates).
* I polished debvm for bookworm and it now supports --initsystem.
Helmut