Debian LTS and ELTS report: February 2025

To: debian-lts@lists.debian.org
Subject: Debian LTS and ELTS report: February 2025
From: "Andrej Shadura" <andrewsh@debian.org>
Date: Fri, 28 Feb 2025 22:50:41 +0100
Message-id: <[🔎] 7e43c71e-9ad2-4e13-b2b5-1a91de59313b@app.fastmail.com>

Hello everyone,

Here’s my monthly report for the work I’ve done for Debian LTS
and ELTS in February 2025.

Thanks to Freexian and sponsors for making this possible:
https://www.freexian.com/lts/debian/#sponsors

LTS
===

golang-glog

  I have uploaded what seemed a fairly simple update fixing a symlink-related
  vulnerability for golang-glog, but that resulted a series of updates to packages
  that build-depend on it, namely docker.io, golang-grpc-gateway, mtail,
  prometheus-mongodb-exporter.

rust-openssl

  A simple update, but similarly to golang-glog, I still need to check if there are
  any packages embedding the code of the Rust openssl crate and rebuild them.

nginx

  I’m preparing an update for nginx fixing CVE-2025-23419 and CVE-2024-7347.
  I’m also considering fixing CVE-2020-36309, but that one has a bit more potential
  to break things, so I need to figure out a way to test it properly. I will probably
  end up uploading it as a part of a separate DLA.

ELTS
====

I haven’t done anything for ELTS this month.

-- 
Cheers,
  Andrej

Reply to:

Prev by Date: Report for (E)?LTS of february
Next by Date: Debian LTS and ELTS -- February 2025
Previous by thread: Report for (E)?LTS of february
Next by thread: Debian LTS and ELTS -- February 2025
Index(es):
- Date
- Thread