Hello,

This was my eleventh month working on LTS and ELTS. Thank you to Freexian and Freexian's sponsors for making these projects possible: <https://www.freexian.com/lts/debian/#sponsors>

LTS

- emacs
  - Followed up on my upload to bullseye-proposed-updates from last month. Release Team member Jonathan Wiltshire reminded me of a possible regression caused by upstream's fix for an older CVE. I prepared a new upload including the fix for that regression. bullseye-security had not been synced back into bullseye due to this regression, and my work cleaned up that situation. This is the kind of thing that can stall a long time when overstretched volunteers are the only people able to work on it, so great to have funding for it.
- git
  - Started work on fixing a number of CVEs. I proposed that we don't backport all of upstream's fixes for these issues because there is the risk of a significant usability regression. Fortunately, we can fix most (or possibly all) of the headline issues with a careful combination of backported changes. I intend to explain more in my report next month.
- pillow
  - Started forward-porting my fixes for CVE-2024-28219, CVE-2023-44271 and CVE-2023-50447 to bullseye & bookworm. The Debian Security Team were planning to handle these updates. But other issues came up in the meantime, and they asked me to work on it under Freexian. I appreciate the opportunity to reuse the learning I did when I first prepared the fixes for buster.
- Attended monthly meeting.

ELTS

- emacs24
  - Released ELA-1085-1 & ELA-1085-2 fixing CVE-2024-30203, CVE-2024-30204 and CVE-2024-30205.
- emacs25
  - Released ELA-1086-1 & ELA-1085-2 fixing CVE-2024-30203, CVE-2024-30204 and CVE-2024-30205.
- Gave some feedback on the new ELTS upload procedures, which resulted in some documentation improvements, thanks to Helmut Grohne.

-- 
Sean Whitton