During the month of February 2024 and on behalf of Freexian, I worked on the
following:

gnutls28
--------

Uploaded 3.6.7-4+deb10u12 and issued DLA-3740-1
https://lists.debian.org/msgid-search/?m=ZdxcK-hKepfC8AOY@debian.org

* CVE-2024-0553: Timing side-channel attack in the RSA-PSK key
  exchange.

nodejs
------

* Backported upstream fix for CVE-2024-22025 (DoS by resource
  exhaustion in fetch() brotli decoding) and fixed the upstream test
  suite.
* Started working on a fix for CVE-2023-46809 (Marvin Attack, timing
  variant of the Bleichenbacher attack against PKCS#1 v1.5 padding)
  but this is still work in progress.

dask.distributed
----------------

* Fix failing DEP-8 tests for buster.
* Started working on a fix for CVE-2021-42343 but didn't upload yet.

Thanks to the sponsors for financing the above, and to Freexian for
coordinating!

--
Guilhem.