(E)LTS report for April 2024
LTS:
glibc:
- First part of work released as DLA-3807-1 in May.
gtkwave:
- DLA-3785-1 and DSA-5653-1 were released in April,
but the actual work was done and submitted for review in March.
pillow:
- Determined that CVE-2021-25291 does not affect buster.
- Released DLA-3786-1, fixing CVE-2024-28219.
ruby-rack:
- Released DLA-3800-1, fixing CVE-2024-25126, CVE-2024-26141
and CVE-2024-26146.
- These fixes were also uploaded to unstable and submitted
for bullseye and bookworm.
trafficserver:
- Released DLA-3799-1, fixing CVE-2024-31309.
zabbix:
- Determined that CVE-2022-40626 does not affect <= bullseye.
- Released DLA-3798-1, fixing CVE-2024-22119.
xorg-server:
- Released DLA-3787-1, fixing CVE-2024-31080, CVE-2024-31081
and CVE-2024-31083.
ELTS:
glibc:
- First part of work released as ELA-1087-1 in May for
jessie and stretch.
openexr:
- Determined that CVE-2024-31047 does not affect the binary
packages in stretch or buster.
pillow:
- Released ELA-1079-1, fixing CVE-2024-28219 in jessie and stretch.
ruby-rack:
- Determined that CVE-2024-25126 does not affect jessie or stretch.
- Released ELA-1081-1, fixing CVE-2024-26141 and CVE-2024-26146
in stretch.
zabbix:
- Determined that CVE-2024-22119 (sole remaining not ignored CVE)
does not affect jessie or stretch.
xorg-server:
- Released ELA-1072-1, fixing CVE-2024-31080, CVE-2024-31081
and CVE-2024-31083 in jessie and stretch.