[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Debian LTS & ELTS -- May 2024



Hello,

This was my eleventh month working on LTS and ELTS.  Thank you to
Freexian and Freexian's sponsors for making these projects possible:
    <https://www.freexian.com/lts/debian/#sponsors>

LTS

- emacs

  - Followed up on my upload to bullseye-proposed-updates from last
    month.  Release Team member Jonathan Wiltshire reminded me of a
    possible regression caused by upstream's fix for an older CVE.
    I prepared a new upload including the fix for that regression.

    bullseye-security had not been synced back into bullseye due to this
    regression, and my work cleaned up that situation.
    This is the kind of thing that can stall a long time when
    overstretched volunteers are the only people able to work on it,
    so great to have funding for it.

- git

  - Started work on fixing a number of CVEs.

    I proposed that we don't backport all of upstream's fixes for these
    issues because there is the risk of a significant usability
    regression.  Fortunately, we can fix most (or possibly all) of the
    headline issues with a careful combination of backported changes.
    I intend to explain more in my report next month.

- pillow

  - Started forward-porting my fixes for CVE-2024-28219, CVE-2023-44271
    and CVE-2023-50447 to bullseye & bookworm.

    The Debian Security Team were planning to handle these updates.
    But other issues came up in the meantime, and they asked me to work
    on it under Freexian.  I appreciate the opportunity to reuse the
    learning I did when I first prepared the fixes for buster.

- Attended monthly meeting.

ELTS

- emacs24

  - Released ELA-1085-1 & ELA-1085-2 fixing CVE-2024-30203,
    CVE-2024-30204 and CVE-2024-30205.

- emacs25

  - Released ELA-1086-1 & ELA-1085-2 fixing CVE-2024-30203,
    CVE-2024-30204 and CVE-2024-30205.

- Gave some feedback on the new ELTS upload procedures, which resulted
  in some documentation improvements, thanks to Helmut Grohne.

-- 
Sean Whitton

Attachment: signature.asc
Description: PGP signature


Reply to: