I've worked during December 2024 on the below listed packages, for Freexian
LTS/ELTS [1]

Many thanks to Freexian and sponsors [2] for providing this opportunity!

intel-microcode (DLA-4002-1, ELA-1276-1)
========================================

As reported in November, additional fixes introduced with 3.20241112.1 have
been prepared and awaiting feedback from the maintainer. The maintainer
subsequently fixed stable and I've backported the fixes for LTS and ELTS.
The fixed CVEs are: CVE-2024-21820, CVE-2024-21853, CVE-2024-23918 and
CVE-2024-23918, which has been fixed in an earlier upload already, but the
new uploads add additional processor models.

zabbix (DLA 3984-1, ELA-1273-1)
===============================

Started in November, zabbix updates have been completed in December, fixing
LTS (bullseye) and ELTS (stretch, jessie), fixing CVE-2024-36464
CVE-2024-42330 CVE-2024-42331 CVE-2024-42332 and CVE-2024-42333.
For LTS, zabbix has been updated to the last upstream LTS version, and
several CVEs not addressed in this update backported.

While triaging and backporting the zabbix issues, some inconsistencies in
the upstream reporting of the vulnerabilities have been observed, for example
one CVE is claimed to be fixed in a reported version, but still could be
observed in a later version. For those inconsistencies I've reached out to
upstream, but did not receive a response yet.

busybox (WIP)
=============

I've started to work on busybox, the upload will happen in January.

[1] https://www.freexian.com/lts/
[2] https://www.freexian.com/lts/debian/#sponsors

Cheers,
--
tobi