[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

(E)LTS report for May 2024



I've worked during May 2024 on the below listed packages, for
Freexian LTS/ELTS [1] 

Many thanks to Freexian and sponsors [2] for providing this opportunity!

ELTS and LTS: 


gnutls28 (ELA-1090-1)
=====================

This involved a lot of triaging and some verdicts were that the version
in ELTS are not or only partially affected, so in the end only
CVE-2021-4209 has been fixed in this upload, and only for stretch.

For this vulnerability, jessie was found not to be affected, as we
jessie builds agains nettle2, and the codepath using nettle2 had a check
already in place, so the vulnerabilty can not be triggered.

Other vulnerabilties triaged and found not affected ELTS:
CVE-2024-0567 - vulnerable code not present in ELTS.
CVE-2024-28834 - vulnerable code not present in ELTS.
CVE-2024-28835/gnutls28 - vulnerable code not present in ELTS.


intel-microcode (DLA-3808-1, ELA-1088-1)
========================================

Intel has released microcode updates, addressing serveral vulnerabilties.
This releases updated the microcode packgage to address a few CVEs,
see the DLA/ELA for details.


frr (oldstable)
===============

As follow up from last month, preparing frr for bullseye too.
frr is the same version in buster and bullseye, so porting the version
to oldstalbe had a lot of synergies. I'm Currently waiting for the security
team's feedback about how to proceed further.


firmware-nonfree
================

Salavatore approached me for firmware-nonfree and we've (Ben, Salvatore, /me)
used the opportunity at the MDC Berlin to talk how we can align the efforts
better to get updated firmware in all suites.

Currently bullseye is behind LTS and ELTS, so one point we've agreed on is that
I'll tackle bullseye to get that updated. In parallel Ben will work on tools to
make it easier / more automated in the future to backport newer firmware to the
respectice suites.

I've worked on the bullseye update already, but couldn't complete it in
May.


[1]  https://www.freexian.com/lts/
[2]  https://www.freexian.com/lts/debian/#sponsors

Cheers,
-- 
tobi

Attachment: signature.asc
Description: PGP signature


Reply to: