(E)LTS report for November 2023

To: debian-lts@lists.debian.org
Subject: (E)LTS report for November 2023
From: Adrian Bunk <bunk@debian.org>
Date: Sun, 10 Dec 2023 11:48:01 +0200
Message-id: <[🔎] ZXWJUfZ1HYCwZXKS@localhost>

LTS:

trafficserver:
- Released DLA-3645-1, fixing CVE-2023-41752 and CVE-2023-44487.

galera-3:
- Determined that CVE-2023-5157 in galera-4 does not affect galera-3.

gimp:
- Released DLA-3659-1, fixing CVE-2022-30067, CVE-2023-44442 
  and CVE-2023-44444.
- Determined that CVE-2023-44443 does not affect <= buster.
- The plugin with CVE-2023-44441 is in gimp-dds in <= buster,
  released DLA-3677-1 for gimp-dds with this fix.
- Notified the security team to get rid of the stale gimp-dds package 
  in bullseye+bookworm that is an older version of a plugin moved into
  gimp in >= bullseye.
- Submitted gimp packages for bullseye-pu and bookworm-pu that add 
  Breaks to remove the old and vulnerable gimp-dds version of the plugin.

vlc:
- Released DLA-3679-1, updating to the latest upstream version,
  which also fixes CVE-2023-47359 and CVE-2023-47360.



ELTS:

vim:
- Released ELA-1002-1, fixing CVE-2023-4752, CVE-2023-4781 
  and CVE-2023-5344 in jessie and stretch.

gimp:
- Released ELA-1005-1, fixing CVE-2022-30067, CVE-2023-44442
  and CVE-2023-44444 in stretch.

vlc:
- Released ELA-1016-1, updating to the latest upstream version
  in stretch, which also fixes CVE-2023-47359 and CVE-2023-47360.

Reply to:

Prev by Date: Re: upcoming changes of the web pages /security and /lts/security
Next by Date: Pkg sponsorship needed with LTS upload: curl/7.64.0-4+deb10u8
Previous by thread: (E)LTS report for November 2023
Next by thread: Re: Support of Tor in buster LTS
Index(es):
- Date
- Thread