Hi, This month activity consisted to: - release ELA-865-1 for imagemagick - release ELA-869-1 for php-phpseclib including introducing a test suite. - release ELA-875-1 for libxpm - Triage yajl. Fix was not release but yajl is embed in other package. Check if this CVE affects other package and evaluate severity. - Release lua5.3 ELA-879-1 - Triage CVE-2021-43519 with Guilhem Moulin. find that is does not affect lua <5.4. - Release ELA for postgres 9.6 and postgres 9.4 - For postgresql investigate CVE-2023-2455 and found we are not affected because optimization that trigger this bug was introduced only in 9.6 - release DLA for docker-registry - Triage grpc, fix are hard to backport - Triage libusrsctp - release dla-3457 for maradns - release dla-3459 for libxpm - avahi release a fix for CVE-2021-3468 - docker.io: backport a hard to fix CVE-2023-28842, CVE-2023-28841, CVE-2023-28840. Wait for review. I also participate to LTS meeting, and help other members. Thanks to our sponsors for making this possible, and to Freexian for handling the offering. https://www.freexian.com/lts/debian/#sponsors rouca
Attachment:
signature.asc
Description: This is a digitally signed message part.