I've worked during May 2024 on the below listed packages, for Freexian LTS/ELTS [1]

Many thanks to Freexian and sponsors [2] for providing this opportunity!

ELTS and LTS:

gnutls28 (ELA-1090-1)
=====================

This involved a lot of triaging and some verdicts were that the versions in ELTS are not or only partially affected, so in the end only CVE-2021-4209 has been fixed in this upload, and only for stretch.

For this vulnerability, jessie was found not to be affected, as jessie builds against nettle2, and the codepath using nettle2 had a check already in place, so the vulnerability cannot be triggered.

Other vulnerabilities triaged and found not to affect ELTS:

CVE-2024-0567 - vulnerable code not present in ELTS.
CVE-2024-28834 - vulnerable code not present in ELTS.
CVE-2024-28835/gnutls28 - vulnerable code not present in ELTS.

intel-microcode (DLA-3808-1, ELA-1088-1)
========================================

Intel has released microcode updates, addressing several vulnerabilities. This release updated the microcode package to address a few CVEs, see the DLA/ELA for details.

frr (oldstable)
===============

As follow-up from last month, preparing frr for bullseye too. frr is the same version in buster and bullseye, so porting the version to oldstable had a lot of synergies. I'm currently waiting for the security team's feedback about how to proceed further.

firmware-nonfree
================

Salvatore approached me for firmware-nonfree and we've (Ben, Salvatore, /me) used the opportunity at the MDC Berlin to talk about how we can align the efforts better to get updated firmware in all suites. Currently bullseye is behind LTS and ELTS, so one point we've agreed on is that I'll tackle bullseye to get that updated. In parallel Ben will work on tools to make it easier / more automated in the future to backport newer firmware to the respective suites. I've worked on the bullseye update already, but couldn't complete it in May.

[1] https://www.freexian.com/lts/
[2] https://www.freexian.com/lts/debian/#sponsors

Cheers,
--
tobi