Hello,
This was my third month working on LTS and ELTS. Thank you to Freexian
and Freexian's sponsors for making these projects possible:
<https://www.freexian.com/lts/debian/#sponsors>
LTS
- flac
- Released DLA-3581-1 fixing CVE-2020-22219.
- ncurses
- Released DLA-3586-1 fixing CVE-2020-19189.
- Updated the security tracker's data regarding a number of other CVEs
that were already fixed in buster.
- open-vm-tools
- Applied fix for CVE-2023-20900 to our git repository and requested
testing on the LTS team mailing list. As testing requires an OpenVZ
setup, it would be a lot more efficient for someone who already has
one handy to do the testing.
- qemu
- Applied fixes for CVE-2020-24165, CVE-2023-0330 and CVE-2023-3180.
DLA not yet released because I have one more thing to test.
- Worked through other postponed CVEs and determined that no others
were applicable at present, either because upstream hasn't fixed it
yet or it's a minor issue not likely to be worth the testing effort.
- Added a few useful links to our testing notes for qemu.
- debchange is Debian's tool for generating entries in debian/changelog.
I committed a change to set urgency=high for LTS uploads, to automate
away a minor papercut for other LTS contributors. Indeed, I realised
that I had been forgetting to change this from the default
urgency=medium for my own LTS uploads.
- I had to send my apologies for this month's LTS IRC meeting.
ELTS
- ncurses
- Released ELA-967-1 fixing CVE-2020-19189.
- Updated the security tracker's data regarding a number of other CVEs
that were already fixed in buster.
--
Sean Whitton
Attachment:
signature.asc
Description: PGP signature