Hello,
This was my eleventh month working on LTS and ELTS. Thank you to
Freexian and Freexian's sponsors for making these projects possible:
<https://www.freexian.com/lts/debian/#sponsors>

LTS

- emacs
  - Followed up on my upload to bullseye-proposed-updates from last
    month. Release Team member Jonathan Wiltshire reminded me of a
    possible regression caused by upstream's fix for an older CVE.
    I prepared a new upload including the fix for that regression.
    bullseye-security had not been synced back into bullseye due to this
    regression, and my work cleaned up that situation.
    This is the kind of thing that can stall a long time when
    overstretched volunteers are the only people able to work on it,
    so great to have funding for it.
- git
  - Started work on fixing a number of CVEs.
    I proposed that we don't backport all of upstream's fixes for these
    issues because there is the risk of a significant usability
    regression. Fortunately, we can fix most (or possibly all) of the
    headline issues with a careful combination of backported changes.
    I intend to explain more in my report next month.
- pillow
  - Started forward-porting my fixes for CVE-2024-28219, CVE-2023-44271
    and CVE-2023-50447 to bullseye & bookworm.
    The Debian Security Team were planning to handle these updates.
    But other issues came up in the meantime, and they asked me to work
    on it under Freexian. I appreciate the opportunity to reuse the
    learning I did when I first prepared the fixes for buster.
- Attended monthly meeting.

ELTS

- emacs24
  - Released ELA-1085-1 & ELA-1085-2 fixing CVE-2024-30203,
    CVE-2024-30204 and CVE-2024-30205.
- emacs25
  - Released ELA-1086-1 & ELA-1085-2 fixing CVE-2024-30203,
    CVE-2024-30204 and CVE-2024-30205.
- Gave some feedback on the new ELTS upload procedures, which resulted
  in some documentation improvements, thanks to Helmut Grohne.

--
Sean Whitton