
(E)LTS report for December 2024



I've worked during December 2024 on the below listed packages, for
Freexian LTS/ELTS [1]

Many thanks to Freexian and sponsors [2] for providing this opportunity!

intel-microcode (DLA-4002-1, ELA-1276-1)
========================================

As reported in November, additional fixes introduced with 3.20241112.1 have
been prepared and were awaiting feedback from the maintainer.

The maintainer subsequently fixed stable and I've backported the fixes for
LTS and ELTS.

The fixed CVEs are:
CVE-2024-21820, CVE-2024-21853, CVE-2024-23918 and CVE-2024-23918, which has
been fixed in an earlier upload already, but the new uploads add additional
processor models.


zabbix (DLA 3984-1, ELA-1273-1)
===============================

Started in November, zabbix updates have been completed in December,
fixing LTS (bullseye) and ELTS (stretch, jessie), fixing CVE-2024-36464
CVE-2024-42330 CVE-2024-42331 CVE-2024-42332 and CVE-2024-42333.

For LTS, zabbix has been updated to the last upstream LTS version, and
several CVEs not addressed in these updates backported.

While triaging and backporting the zabbix issues, some inconsistencies
in the upstream reporting of the vulnerabilities have been observed, for
example one CVE is claimed to be fixed in a reported version, but still
could be observed in a later version. For those inconsistencies I've
reached out to upstream, but did not receive a response yet.


busybox (WIP)
=============

I've started to work on busybox, the upload will happen in January.




[1] https://www.freexian.com/lts/
[2] https://www.freexian.com/lts/debian/#sponsors

Cheers, -- tobi
