I've worked during June 2023 on the below listed packages, for Freexian LTS/ELTS [1] Many thanks to Freexian and our sponsors [2] for providing this opportunity! LTS: ==== nvidia-cuda-tools: Triaging with the result that an update probably does not make sense as fixed for CVEs are not available for the version in buster, and a newer version has the danger that it does not support all cards that were originally. The libraries might also break ABI. See also Andreas reply in the thread starting at https://lists.debian.org/debian-lts/2023/06/msg00032.html LTS and ELTS: ============= php-cas: Ongoing work to prepare updated packages for CVE-2017-1000071, an authentication bypass vulnerability (please see the CVE for details.) Unfortunatly the change required is API breaking, so reverse dependencies needs to be fixed as well. In buster, those are: - fusiondirectory (patch for the CVE-2017-1000071 ready) - ocsinventory-server (TODO) As users might be using software using php-cas not in Debian, to give them an opportunity to fix the pacakges on their side, preliminary packages are available. See this thread and replies for more information and where those are: https://lists.debian.org/debian-lts/2023/06/msg00058.html fusiondirectory needs also some fixes of its own; I'm coordinating the upload with Abhijith PA, as they have been working on the package for those. The plan is to upload php-cas, fusiondirectory and ocsinventory-server at the same time, once ocsinventory-server is ready. For stretch, php-cas has only unsupported reverse dependencies in Debian, still this needs coordination with users the package to get their software updated. After this coordinatio is done, I'll plan to upload php-cas for stretch. ELTS: ==== yajl: ELA-888-1 (stretch/jessie), CVE-2023-33460, a memory leak that can lead to DoS. [1] https://www.freexian.com/lts/ [2] https://www.freexian.com/lts/debian/#sponsors Cheers, -- tobi
Attachment:
signature.asc
Description: PGP signature