
(E)LTS and Debian report for February 2023


I am funded by Freexian SARL and thus reporting about my work in
February 2023.


I have been promising an update of heimdal since December. We finally are there.
The thing that took us so long was CVE-2022-45142 and you can get the
details from https://www.openwall.com/lists/oss-security/2023/02/08/1.
The update has finally been released to all suites from jessie to
unstable. Many thanks to Salvatore Bonaccorso for his support through
all of this.

I also promised an update of sox. This was special, because rather than
porting fixes, I had to come up with them on my own. It turned out that
what I thought to be a new vulnerability in my January report was
an integer overflow I happened to insert myself. Since this was
only very briefly in unstable (-3.1), there is no separate CVE. Yet,
these sox vulnerabilities are now fixed in all suites from jessie to


 * I filed 9 FTCBFS patches and helped include existing ones in the Qt6
 * I worked with the CTTE (mostly recruiting and keeping up to date with
   /usr-merge) and participated in the monthly meeting.
 * I continued maintaining rebootstrap (e.g. loong64 and musl updates).
 * I polished debvm for bookworm and it now supports --initsystem.

