Debian LTS and ELTS report: March 2025

To: debian-lts@lists.debian.org
Subject: Debian LTS and ELTS report: March 2025
From: Arturo Borrero Gonzalez <arturo@debian.org>
Date: Fri, 28 Mar 2025 15:10:25 +0100
Message-id: <[🔎] ae87efd0-c3d2-40bd-9ae2-1fa80b92eed4@debian.org>

Hello,

This is my March 2025 monthly report for the Freexian LTS/ELTS [1] initiative.
Many thanks to Freexian and sponsors [2] for providing this opportunity!

LTS:
====

I did not do any LTS work this month.

ELTS:
====

I worked on the libmodbus package for Debian Jessie.

In particular, I’ve worked in backporting a fix for CVE-2024-10918, whichconsists of 3 different upstream patches. Most of the heavy work has beencompleted [3]. I also had conversations with the upstream developer, to see ifthey would be interested in collaborating to get this fixed, but they are notavailable at the moment.

An additional round of review & testing should be good to have before uploading.I don’t plan to keep working on this package in the next month. Other peopleshould take care of the remaining steps to fix this CVE in the ELTS releases.


regards.

[1] https://www.freexian.com/lts/
[2] https://www.freexian.com/lts/debian/#sponsors

[3]https://salsa.debian.org/lts-team/packages/libmodbus/-/blob/debian/jessie-security/debian/patches/CVE-2024-10918.patch

Reply to:

Follow-Ups:
- Re: Debian LTS and ELTS report: March 2025
  - From: Andreas Henriksson <andreas@fatal.se>

Prev by Date: Re: vim CVE-2021-4187
Next by Date: Re: Debian LTS and ELTS report: March 2025
Previous by thread: CVE-2022-3287 doesn't affect bullseye
Next by thread: Re: Debian LTS and ELTS report: March 2025
Index(es):
- Date
- Thread