Hi, here are some remarks about my work on LTS and ELTS in February 2025. - asterisk (ELTS/LTS) DLA-4042-1 was released fixing CVE-2024-53566. ELA-1319-1 was released fixing CVE-2024-53566 in Buster and Stretch. - trafficserver (LTS) DLA 4055-1 was released fixing CVE-2024-38479 and CVE-2024-50306. - fort-validator (LTS) DLA 4066-1 was released fixing CVE-2024-45234, CVE-2024-45235, CVE- 2024-45236, CVE-2024-45237, CVE-2024-45238, CVE-2024-45239, and CVE- 2024-48943. Special thanks go to Jochen Sprickerhof for helping backport the testcase for CVE-2024-48943. I created a Bookworm PU as well (#1098783). - tryton-client (LTS) DLA 4054-1 was released in addition to DLA 4022-1 for organizational reasons. - pagure (LTS) I started working on pagure, prepping patches for CVE-2024-4981, CVE- 2024-4982, CVE-2024-47515, and CVE-2024-47516. But I ran into unrelated build issue that I couldn't fix, so I pushed my work and returned the package to the pool. - icinga2 (ELTS) I continued working on the Jessie branch and started testing. - python-aiohttp (LTS) I reviewed the proposed fixes by jspricke. - misc (LTS) I started looking into ipmctl. But I couldn't determine the patch for CVE-2023-27517 and returned the package to the pool. Thanks to Freexian and Freexian's sponsors for making these projects possible: https://www.freexian.com/lts/debian/#sponsors). Regards, Daniel
Attachment:
signature.asc
Description: This is a digitally signed message part