Hi, I was working mostly on runc this month, backporting the patches to fix and harden runc in Buster against CVE-2021-43784 and CVE-2024-21626, issueing DLA 3735-1. I also prepared the same patchset for runc for ELTS because it seemed that the version from Buster had been uploaded to Stretch. However, I couldn't find the version of runc that is in Git (and prepared for Stretch) in any Stretch repository, and then ran out of time. Thus, I have not gone any further there yet. I also checked again cairosvg and CVE-2023-27586, which I had originally examined back in April last year. Due to my recent findings, that I reported, I did not go forward. Thanks to Freexian and Freexian's sponsors for making these projects possible: <https://www.freexian.com/lts/debian/#sponsors>. Regards, Daniel
Attachment:
signature.asc
Description: This is a digitally signed message part