Debian LTS and ELTS report: January 2025
Hello everyone,
Here’s my monthly report for the work I’ve done for Debian LTS
and ELTS in January 2025.
Thanks to Freexian and sponsors for making this possible:
https://www.freexian.com/lts/debian/#sponsors
LTS
===
389-ds-base
In December, I worked on an update for this package, but since the CVEs I
was going to fix were still not fixed in stable, in January I worked on
an update for it in stable as well.
Ultimately, I have uploaded fixes for 4 CVEs into proposed-updates:
CVE-2024-2199, CVE-2024-8445, CVE-2024-5953, CVE-2024-3657.
After that, I have uploaded the previously prepared update for bullseye
fixing all CVEs but CVE-2024-6237, CVE-2022-1949, CVE-2023-1055 and
CVE-2016-5416, as I described in my December update.
git-lfs
A fairly simple update for CVE-2024-53263 went into bookworm and bullseye.
ELTS
====
libgit2
I have backported a bunch of security fixes for libgit2 to jessie:
CVE-2016-10128, CVE-2016-10129, CVE-2016-8568, CVE-2016-8569,
CVE-2018-10887, CVE-2018-10888, CVE-2018-8099, CVE-2020-12278,
CVE-2020-12279, CVE-2024-24577.
CVE-2023-22742 was a bit too complicated for me to backport, so I marked it
as postponed, and I may return to it in future.
CVE-2018-8098 was also not actionable since the code in question was not
present in the version jessie shipped.
--
Cheers,
Andrej