Hi,

Here is my public monthly report.

Thanks to our sponsors for making this possible, and to Freexian for handling the offering.
https://www.freexian.com/services/debian-lts.html#sponsors

In April I spent my time on LTS as follows:
- fixing apache2 CVE-2023-25690 CVE-2023-27522. CVE-2023-25690 created some regressions:
  * I backported some regression fixes from upstream
  * documented the expected regression
- writing a POC for CVE-2023-25690 in order to avoid regression and improve the testsuite
- testing uwsgi proxy under autopkgtest framework
- backporting perl-framework testsuite from sid for apache2 testsuite

For ELTS:
- finalizing dnsmasq upload from March, including improving the testsuite
- backporting from buster CVE-2023-25690 and regression fixes
- triaging CVE-2023-27522, which is in fact for the old uwsgi package; checking if vulnerable code is present in source code
- fixing for apache2 CVE-2006-20001, CVE-2022-36760, CVE-2022-37436
- preparing work for fixing CVE-2022-37436

Thanks to Roberto and Markus for double checking apache2.

Thanks,
Bastien