(E)LTS report for November 2023
LTS:
trafficserver:
- Released DLA-3645-1, fixing CVE-2023-41752 and CVE-2023-44487.
galera-3:
- Determined that CVE-2023-5157 in galera-4 does not affect galera-3.
gimp:
- Released DLA-3659-1, fixing CVE-2022-30067, CVE-2023-44442
and CVE-2023-44444.
- Determined that CVE-2023-44443 does not affect <= buster.
- The plugin with CVE-2023-44441 is in gimp-dds in <= buster,
released DLA-3677-1 for gimp-dds with this fix.
- Notified the security team to get rid of the stale gimp-dds package
in bullseye+bookworm that is an older version of a plugin moved into
gimp in >= bullseye.
- Submitted gimp packages for bullseye-pu and bookworm-pu that add
Breaks to remove the old and vulnerable gimp-dds version of the plugin.
vlc:
- Released DLA-3679-1, updating to the latest upstream version,
which also fixes CVE-2023-47359 and CVE-2023-47360.
ELTS:
vim:
- Released ELA-1002-1, fixing CVE-2023-4752, CVE-2023-4781
and CVE-2023-5344 in jessie and stretch.
gimp:
- Released ELA-1005-1, fixing CVE-2022-30067, CVE-2023-44442
and CVE-2023-44444 in stretch.
vlc:
- Released ELA-1016-1, updating to the latest upstream version
in stretch, which also fixes CVE-2023-47359 and CVE-2023-47360.