I've worked during November 2024 on the below listed packages, for Freexian LTS/ELTS [1]

Many thanks to Freexian and sponsors [2] for providing this opportunity!

smarty3 (DLA-3956-1, ELA-1237-1)
================================

Fixed three CVEs for smarty3, a PHP templating engine:
CVE-2018-25047, CVE-2023-28447 and CVE-2024-35226

During investigation of CVE-2018-25047 for bullseye, I've found that the previous fix in DLA-3262-1 was incomplete, so the fix was amended.

Additionally, I've added autopkgtests to the package, using the logic in the upstream unit tests to test that the fixes have effect.

Besides targeting buster and bullseye, I've also fixed unstable and prepared the upload for bookworm.

intel-mediasdk
==============

After starting the discussion in October whether intel-mediasdk is supportable, the package has now been added to security-support-ended for Debian 12 and Debian 11.

amd64-microcode (ELA-1241-1)
============================

Update for AMD CPUs microcode for all ELTS suites, targeting CVE-2023-20569, CVE-2023-20584, CVE-2023-31315 and CVE-2023-31356

intel-microcode (DLA 3964-1, ELA-1242-1)
========================================

Update for Intel CPUs microcode for all LTS and ELTS suites, targeting CVE-2024-23984 and CVE-2024-24968, bringing up the microcodes to version 3.20240910.1

Additional fixes introduced with 3.20241112.1 have been prepared and are awaiting feedback from the maintainer. Those will be uploaded in December.

zabbix
======

Started working on updating zabbix, as new vulnerabilities have been found. The first step was to triage all the vulnerabilities to evaluate which ones need actual fixing. Reached out to the stable security team whether upgrading to the latest upstream LTS version would be an acceptable approach for stable as well. For bullseye the plan will be to upload the latest upstream LTS version and then fix the remaining issues; ELTS can only be fixed by backporting, so that will be the plan.

[1] https://www.freexian.com/lts/
[2] https://www.freexian.com/lts/debian/#sponsors

Cheers,
-- 
tobi