Debian LTS & ELTS -- October 2024

To: debian-lts@lists.debian.org
Subject: Debian LTS & ELTS -- October 2024
From: Sean Whitton <spwhitton@spwhitton.name>
Date: Thu, 31 Oct 2024 14:43:47 +0800
Message-id: <[🔎] 87y124ai1o.fsf@melete.silentflame.com>

Hello,

September was my sixteenth month working on LTS and ELTS.  Thank you to
Freexian and Freexian's sponsors for making these projects possible:
    <https://www.freexian.com/lts/debian/#sponsors>

LTS

- libsepol

  - Released DLA-3930-1 fixing CVE-2021-36084, CVE-2021-36085,
    CVE-2021-36086 and CVE-2021-36087.

    These problems were all discovered by Google's oss-fuzz project.
    It was straightforward to backport upstream's fixes.

  - Submitted my notes on running libsepol's test suite to the team
    wiki, for the next person to work on this package.  It's somewhat
    tricky because of how selinux is developed upstream in a single
    repository that becomes multiple source packages in Debian.

    Fortunately, the build system is straightforward enough that it only
    takes a few additional steps to get the test suite running.

- ghostscript

  - Released DLA-3931-1 fixing CVE-2024-29508.

- openssl

  - Released DLA-3942-1 fixing CVE-2023-5678, CVE-2024-0727,
    CVE-2024-2511, CVE-2024-4741, CVE-2024-5535 and CVE-2024-9143.

- Correspondence.

ELTS

- libsepol

  - Released ELA-1209-1 fixing CVE-2021-36084, CVE-2021-36085,
    CVE-2021-36086 and CVE-2021-36087.

- openssl

  - Started work on an ELA for openssl fixing CVE-2023-5678,
    CVE-2024-0727, CVE-2024-2511, CVE-2024-4741, CVE-2024-5535 and
    CVE-2024-9143.

-- 
Sean Whitton

Reply to:

Prev by Date: Re: LTS meeting notes
Next by Date: Re: openssl in bullseye
Previous by thread: Re: [SECURITY] [DLA 3942-1] openssl security update
Next by thread: Debian LTS & ELTS report -- October 2024
Index(es):
- Date
- Thread