During the month of August 2023 and on behalf of Freexian, I worked on the
following:
* DLA-3515-1 for cjose=0.6.1+dfsg1-1+deb10u1
[CVE-2023-37464]
https://lists.debian.org/msgid-search/?m=ZMzS4JlH%2BWyKbyQm@debian.org
* DLA-3551-1 for otrs2=6.0.16-2+deb10u1
[CVE-2019-11358, CVE-2019-12248, CVE-2019-12497, CVE-2019-12746,
CVE-2019-13458, CVE-2019-16375, CVE-2019-18179, CVE-2019-18180,
CVE-2020-1765, CVE-2020-1766, CVE-2020-1767, CVE-2020-1769,
CVE-2020-1770, CVE-2020-1771, CVE-2020-1772, CVE-2020-1773,
CVE-2020-1774, CVE-2020-1776, CVE-2020-11022, CVE-2020-11023,
CVE-2021-21252, CVE-2021-21439, CVE-2021-21440, CVE-2021-21441,
CVE-2021-21443, CVE-2021-36091, CVE-2021-36100, CVE-2021-41182,
CVE-2021-41183, CVE-2021-41184, CVE-2022-4427 and CVE-2023-38060]
https://lists.debian.org/msgid-search/?m=ZO/cyVbROBJ6%2BVDv@debian.org
* nodjs: Triage CVE-2023-30581, CVE-2023-30588, CVE-2023-30589,
CVE-2023-32002, CVE-2023-32006 and CVE-2023-32559. Fix
CVE-2023-30590 in git but defer the upload to a later point (that CVE
alone doesn't warrant a DLA).
Thanks to the sponsors for financing the above, and to Freexian for
coordinating!
--
Guilhem.
Attachment:
signature.asc
Description: PGP signature