[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Debian LTS and ELTS -- February 2025



Hi,

here are some remarks about my work on LTS and ELTS in February 2025.


- asterisk (ELTS/LTS)

DLA-4042-1 was released fixing CVE-2024-53566.

ELA-1319-1 was released fixing CVE-2024-53566 in Buster and Stretch.

- trafficserver (LTS)

DLA 4055-1 was released fixing CVE-2024-38479 and CVE-2024-50306.

- fort-validator (LTS)

DLA 4066-1 was released fixing CVE-2024-45234, CVE-2024-45235, CVE-
2024-45236, CVE-2024-45237, CVE-2024-45238, CVE-2024-45239, and CVE-
2024-48943. Special thanks go to Jochen Sprickerhof for helping
backport the testcase for CVE-2024-48943.

I created a Bookworm PU as well (#1098783).

- tryton-client (LTS)

DLA 4054-1 was released in addition to DLA 4022-1 for organizational
reasons.

- pagure (LTS)

I started working on pagure, prepping patches for CVE-2024-4981, CVE-
2024-4982, CVE-2024-47515, and CVE-2024-47516. But I ran into unrelated
build issue that I couldn't fix, so I pushed my work and returned the
package to the pool.

- icinga2 (ELTS)

I continued working on the Jessie branch and started testing.

- python-aiohttp (LTS)

I reviewed the proposed fixes by jspricke.

- misc (LTS)

I started looking into ipmctl. But I couldn't determine the patch for
CVE-2023-27517 and returned the package to the pool.


Thanks to Freexian and Freexian's sponsors for making these projects  
possible: https://www.freexian.com/lts/debian/#sponsors).

Regards, Daniel

Attachment: signature.asc
Description: This is a digitally signed message part


Reply to: