(E)LTS report for September 2024

To: debian-lts@lists.debian.org
Subject: (E)LTS report for September 2024
From: Adrian Bunk <bunk@debian.org>
Date: Thu, 3 Oct 2024 11:38:51 +0300
Message-id: <[🔎] Zv5YG8heuzeTJCHS@localhost>

LTS:

booth:
- Released DLA-3894-1, fixing CVE-2024-3049.
- Provided the package for DSA-5777-1, fixing CVE-2024-3049
  in bookworm.

nghttp2:
- Released DLA-3898-1, fixing CVE-2024-28182.
- Submitted a package fixing CVE-2024-28182 in the next bookworm
  point release.

php-twig:
- Released DLA-3888-1, fixing CVE-2024-45411.

puredata:
- Released DLA-3895-1, fixing CVE-2023-47480.
- Submitted a package fixing CVE-2023-47480 in the next bookworm
  point release.

mediawiki:
- Released DLA-3896-1, fixing CVE-2023-51704.

ruby-httparty:
- Released DLA-3900-1, fixing CVE-2024-22049.

ruby-loofah:
- Released DLA-3901-1, fixing CVE-2022-23514, CVE-2022-23515
  and CVE-2022-23516.

ruby-rails-html-sanitizer:
- Released DLA-3902-1, fixing CVE-2022-23517, CVE-2022-23518,
  CVE-2022-23519, CVE-2022-23520 and CVE-2022-32209.

sqlite3:
- Determined that CVE-2021-31239 does not affect <= bullseye.
- Released DLA-3907-1, fixing CVE-2021-36690 and CVE-2023-7104.
- Submitted a package fixing CVE-2023-7104 in the next bookworm
  point release.

trafficserver:
- Released DLA-3897-1, fixing CVE-2023-38522, CVE-2024-35161
  and CVE-2024-35296.

wireshark:
- Determined that CVE-2021-4183 does not affect bullseye.
- Determined that CVE-2023-0414 does not affect bullseye.
- Released DLA-3906-1, fixing CVE-2021-4181, CVE-2021-4182,
  CVE-2021-4184, CVE-2021-4185, CVE-2021-4186, CVE-2021-4190,
  CVE-2022-0581, CVE-2022-0582, CVE-2022-0583, CVE-2022-0585,
  CVE-2022-0586, CVE-2022-3190, CVE-2022-4344, CVE-2022-4345,
  CVE-2023-0411, CVE-2023-0412, CVE-2023-0413, CVE-2023-0415,
  CVE-2023-0416, CVE-2023-0417, CVE-2023-0666, CVE-2023-0667,
  CVE-2023-0668, CVE-2023-1161, CVE-2023-1992, CVE-2023-1993,
  CVE-2023-1994, CVE-2023-2855, CVE-2023-2856, CVE-2023-2858,
  CVE-2023-2879, CVE-2023-2906, CVE-2023-2952, CVE-2023-3648,
  CVE-2023-3649, CVE-2023-4511, CVE-2023-4512, CVE-2023-4513,
  CVE-2023-6175, CVE-2024-0208, CVE-2024-0209, CVE-2024-0211,
  CVE-2024-2955, CVE-2024-4853, CVE-2024-4854, CVE-2024-8250
  and CVE-2024-8645.
- Submitted a package fixing CVE-2024-0208, CVE-2024-0209,
  CVE-2024-0211, CVE-2024-2955, CVE-2024-4853, CVE-2024-4854,
  CVE-2024-4855, CVE-2024-8250 and CVE-2024-8645 in the next
  bookworm point release.


ELTS:

iproute2:
- Released ELA-1185-1, fixing CVE-2019-20795 in buster.

libpam-tacplus:
- Released ELA-1180-1, fixing CVE-2016-20014 in buster.

sqlite3:
- Released ELA-1191-1, fixing CVE-2019-19244, CVE-2021-36690
  and CVE-2023-7104 in buster.

wireshark:
- Determined that CVE-2024-0209 does not affect buster.
- Released ELA-1188-1, fixing CVE-2023-0667, CVE-2023-3649,
  CVE-2023-4512, CVE-2024-0211, CVE-2024-2955, CVE-2024-4853,
  CVE-2024-4854, CVE-2024-8250 and CVE-2024-8645 in buster and stretch.

zeromq3:
- Determined that CVE-2021-20237 does not affect jessie.
- Released ELA-1184-1, fixing CVE-2021-20234, CVE-2021-20235
  and CVE-2021-20237 in buster.

Reply to:

Prev by Date: Re: Support for ckeditor3 and horde in Debian
Next by Date: Report a vulnerability to the security team
Previous by thread: Re: Support for ckeditor3 (and 4) and horde in Debian
Next by thread: (E)LTS report for September 2024
Index(es):
- Date
- Thread