(E)LTS and Debian report for February 2023

To: debian-lts@lists.debian.org
Subject: (E)LTS and Debian report for February 2023
From: Helmut Grohne <helmut@subdivi.de>
Date: Wed, 1 Mar 2023 14:15:02 +0100
Message-id: <Y/9P1o2+Djp9AslE@alf.mars>
Mail-followup-to: Helmut Grohne <helmut@subdivi.de>, debian-lts@lists.debian.org

Hi,

I am funded by Freexian SARL and thus reporting about my work in
February 2023.

(E)LTS
======

I promised an update of heimdal since December. We finally are there.
The thing that took us so long was CVE-2022-45142 and you can get the
details from https://www.openwall.com/lists/oss-security/2023/02/08/1.
The update has finally been released to all suites from jessie to
unstable. Much thanks to Salvatore Bonaccorso for his support through
all of this.

I also promised an update of sox. This was special, because rather than
porting fixes, I had to come up with them on my own. It turned out that
what I thought to be a new vulnerability in my January report turned out
to be an integer overflow I happened to insert myself. Since this was
only very briefly in unstable (-3.1), there is no separate CVE. Yet,
these sox vulnerabilities are now fixed in all suites from jessie to
unstable.

Debian
======

 * I filed 9 FTCBFS patch and helped including existing ones in the Qt6
   stack.
 * I worked with the CTTE (mostly recruiting and keeping up to date with
   /usr-merge) and participated in the monthly meeting.
 * I continued maintaining rebootstrap (e.g. loong64 and musl updates).
 * I polished debvm for bookworm and it now supports --initsystem.

Helmut

Reply to:

Prev by Date: Debian LTS and ELTS - February 2023
Next by Date: Old stable debdiff
Previous by thread: Debian LTS and ELTS - February 2023
Next by thread: Old stable debdiff
Index(es):
- Date
- Thread