Debian (E)LTS report for October 2024

To: debian-lts@lists.debian.org
Subject: Debian (E)LTS report for October 2024
From: Lee Garrett <debian@rocketjump.eu>
Date: Mon, 11 Nov 2024 11:32:48 +0100
Message-id: <[🔎] f56916f6-1c99-4563-9e7e-2e633b0b9312@rocketjump.eu>

Hi everyone,

in October I worked on dnsmasq in bullseye, fixing

- CVE-2022-0934
- CVE-2023-28450
- CVE-2023-50387
- CVE-2023-50868

The last two patches fix the "keytrap" and "NSEC3" issue, which were quitedifficult to backport. I have also contacted the security researchers of the twovulnerabilities who have provided me with a test environment to verify thefunctionality of the backport.


I'm also in the process backporting the last two CVE patches for buster.

Thanks to our sponsors for financing this work, and to Freexian for coordinating!

Regards,
Lee Garrett,
Debian LTS Team

Reply to:

Prev by Date: Bug#1087148: firefox-esr: [regression] leaves even unchanged sqlite files open
Next by Date: (E)LTS report for October 2024
Previous by thread: Bug#1087148: firefox-esr: [regression] leaves even unchanged sqlite files open
Next by thread: Bug#1087419: CVE-2024-52533: glib2.0: Buffer overflow in gsocks4aproxy set_connect_msg()
Index(es):
- Date
- Thread