[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Debian LTS and ELTS report: March 2025

Hello Arturo,

On Fri, Mar 28, 2025 at 03:10:25PM +0100, Arturo Borrero Gonzalez wrote:
> Hello,
[...]
> I worked on the libmodbus package for Debian Jessie.
> 
> In particular, I’ve worked in backporting a fix for CVE-2024-10918, which
> consists of 3 different upstream patches. Most of the heavy work has been
> completed [3]. I also had conversations with the upstream developer, to see
> if they would be interested in collaborating to get this fixed, but they are
> not available at the moment.
> 
> An additional round of review & testing should be good to have before
> uploading. I don’t plan to keep working on this package in the next month.
> Other people should take care of the remaining steps to fix this CVE in the
> ELTS releases.

I'm happy to pick this up. Please unclaim libmodbus in ela-needed.txt
or simply ack that it's ok if I hijack it from you there.

> 
> regards.
> 
> [1] https://www.freexian.com/lts/
> [2] https://www.freexian.com/lts/debian/#sponsors
> [3] https://salsa.debian.org/lts-team/packages/libmodbus/-/blob/debian/jessie-security/debian/patches/CVE-2024-10918.patch
> 
> 

Regards,
Andreas Henriksson
Reply to: