(E)LTS report for October 2024
LTS:
e2fsprogs:
- Enabled the upstream tests during the build.
- Released DLA-3910-1, fixing CVE-2022-1304.
fcgiwrap:
- Discussed and documented that the CVE-2024-32004/git
regression does not affect <= bullseye.
ikiwiki-hosting:
- Discussed and documented that the CVE-2024-32004/git
regression does not affect <= bullseye.
libgsf:
- Released DLA-3911-1, fixing CVE-2024-36474 and CVE-2024-42415.
mediawiki:
- Determined that CVE-2024-47913 (sole unfixed CVE)
does not affect bullseye.
python-cryptography:
- Determined that CVE-2024-26130 does not affect bullseye
or buster.
- Released DLA-3922-1, fixing CVE-2023-23931 and CVE-2023-49083.
- Fixed CVE-2023-49083 and CVE-2024-26130 in the bookworm 12.8
point release.
ELTS:
e2fsprogs:
- Enabled the upstream tests during the build.
- Released ELA-1196-1, fixing CVE-2022-1304 in buster,
stretch and jessie.
ffmpeg:
- Determined that CVE-2020-20451 was already fixed in buster.
- Determined that CVE-2020-22041 was already fixed in buster.
- Determined that CVE-2020-22044 was already fixed in buster.
- Determined that CVE-2020-22046 was already fixed in buster.
- Determined that CVE-2020-22048 was already fixed in buster.
- Determined that CVE-2023-49501 does not affect stretch.
- Determined that CVE-2024-7055 does not affect <= buster.
- Released ELA-1222-1, fixing CVE-2020-22040, CVE-2023-49502
and CVE-2024-32230 in buster and stretch, and CVE-2020-20898,
CVE-2020-22051, CVE-2020-22056, CVE-2021-38090, CVE-2021-38091,
CVE-2021-38092, CVE-2021-38093, CVE-2021-38094, CVE-2022-48434,
CVE-2023-50010, CVE-2023-51793, CVE-2023-51794, CVE-2023-51798
and CVE-2024-31578 in buster.
gtk+2.0:
- Released ELA-1202-1, fixing CVE-2024-6655 in buster, stretch
and jessie.
gtk+3.0:
- Released ELA-1201-1, fixing CVE-2024-6655 in buster, stretch
and jessie.
libgsf:
- Released ELA-1200-1, fixing CVE-2024-36474 and CVE-2024-42415
in buster and stretch.
libseccomp:
- Released ELA-1232-1, fixing CVE-2019-9893 in buster, stretch
and jessie.
libsepol:
- Determined that CVE-2021-36084, CVE-2021-36085, CVE-2021-36086
and CVE-2021-36087 (all unfixed CVEs) do not affect jessie.
libxml2:
- Released ELA-1195-1, fixing CVE-2016-9318 in buster.
ntfs-3g:
- Released ELA-1197-1, fixing CVE-2023-52890 in buster
and stretch.
python-cryptography:
- Determined that CVE-2020-36242 does not affect buster.
- Released ELA-1215-1, fixing CVE-2020-25659 in buster.
shadow:
- Released ELA-1220-1, fixing CVE-2018-7169, CVE-2023-4641
and CVE-2023-29383 in buster and stretch.
vlc:
- Released ELA-1194-1, fixing CVE-2024-46461 in buster
and stretch.