(E)LTS report for October 2023

To: debian-lts@lists.debian.org
Subject: (E)LTS report for October 2023
From: Adrian Bunk <bunk@debian.org>
Date: Sat, 4 Nov 2023 22:22:17 +0200
Message-id: <ZUan+QUCMamOg/km@localhost>

LTS:

poppler:
- Confirmed that CVE-2020-18839 is a duplicate of CVE-2020-27778
- Released DLA-3620-1, fixing CVE-2020-23804 CVE-2022-37050 CVE-2022-37051
- PoCs for all 3 CVEs were confirmed to be present in the unfixed 
  version and fixed in the fixed version

krb:
- Released DLA-3626-1, fixing CVE-2023-36054.


ELTS:

zookeeper:
- Checked and marked that CVE-2023-44981 (sole unfixed CVE) does not 
  affect jessie or stretch.

haproxy:
- Checked and marked that CVE-2023-44487 (sole unfixed CVE) does not
  affect jessie or stretch.

krb:
- Released ELA-987-1 for jessie and stretch, fixing CVE-2023-36054.

Reply to:

Prev by Date: LTS report for October 2023
Next by Date: PostgreSQL security updates
Previous by thread: (E)LTS report for October 2023
Next by thread: Debian LTS and ELTS -- October 2023
Index(es):
- Date
- Thread