(E)LTS report for September 2024
LTS:
booth:
- Released DLA-3894-1, fixing CVE-2024-3049.
- Provided the package for DSA-5777-1, fixing CVE-2024-3049
in bookworm.
nghttp2:
- Released DLA-3898-1, fixing CVE-2024-28182.
- Submitted a package fixing CVE-2024-28182 in the next bookworm
point release.
php-twig:
- Released DLA-3888-1, fixing CVE-2024-45411.
puredata:
- Released DLA-3895-1, fixing CVE-2023-47480.
- Submitted a package fixing CVE-2023-47480 in the next bookworm
point release.
mediawiki:
- Released DLA-3896-1, fixing CVE-2023-51704.
ruby-httparty:
- Released DLA-3900-1, fixing CVE-2024-22049.
ruby-loofah:
- Released DLA-3901-1, fixing CVE-2022-23514, CVE-2022-23515
and CVE-2022-23516.
ruby-rails-html-sanitizer:
- Released DLA-3902-1, fixing CVE-2022-23517, CVE-2022-23518,
CVE-2022-23519, CVE-2022-23520 and CVE-2022-32209.
sqlite3:
- Determined that CVE-2021-31239 does not affect <= bullseye.
- Released DLA-3907-1, fixing CVE-2021-36690 and CVE-2023-7104.
- Submitted a package fixing CVE-2023-7104 in the next bookworm
point release.
trafficserver:
- Released DLA-3897-1, fixing CVE-2023-38522, CVE-2024-35161
and CVE-2024-35296.
wireshark:
- Determined that CVE-2021-4183 does not affect bullseye.
- Determined that CVE-2023-0414 does not affect bullseye.
- Released DLA-3906-1, fixing CVE-2021-4181, CVE-2021-4182,
CVE-2021-4184, CVE-2021-4185, CVE-2021-4186, CVE-2021-4190,
CVE-2022-0581, CVE-2022-0582, CVE-2022-0583, CVE-2022-0585,
CVE-2022-0586, CVE-2022-3190, CVE-2022-4344, CVE-2022-4345,
CVE-2023-0411, CVE-2023-0412, CVE-2023-0413, CVE-2023-0415,
CVE-2023-0416, CVE-2023-0417, CVE-2023-0666, CVE-2023-0667,
CVE-2023-0668, CVE-2023-1161, CVE-2023-1992, CVE-2023-1993,
CVE-2023-1994, CVE-2023-2855, CVE-2023-2856, CVE-2023-2858,
CVE-2023-2879, CVE-2023-2906, CVE-2023-2952, CVE-2023-3648,
CVE-2023-3649, CVE-2023-4511, CVE-2023-4512, CVE-2023-4513,
CVE-2023-6175, CVE-2024-0208, CVE-2024-0209, CVE-2024-0211,
CVE-2024-2955, CVE-2024-4853, CVE-2024-4854, CVE-2024-8250
and CVE-2024-8645.
- Submitted a package fixing CVE-2024-0208, CVE-2024-0209,
CVE-2024-0211, CVE-2024-2955, CVE-2024-4853, CVE-2024-4854,
CVE-2024-4855, CVE-2024-8250 and CVE-2024-8645 in the next
bookworm point release.
ELTS:
iproute2:
- Released ELA-1185-1, fixing CVE-2019-20795 in buster.
libpam-tacplus:
- Released ELA-1180-1, fixing CVE-2016-20014 in buster.
sqlite3:
- Released ELA-1191-1, fixing CVE-2019-19244, CVE-2021-36690
and CVE-2023-7104 in buster.
wireshark:
- Determined that CVE-2024-0209 does not affect buster.
- Released ELA-1188-1, fixing CVE-2023-0667, CVE-2023-3649,
CVE-2023-4512, CVE-2024-0211, CVE-2024-2955, CVE-2024-4853,
CVE-2024-4854, CVE-2024-8250 and CVE-2024-8645 in buster and stretch.
zeromq3:
- Determined that CVE-2021-20237 does not affect jessie.
- Released ELA-1184-1, fixing CVE-2021-20234, CVE-2021-20235
and CVE-2021-20237 in buster.