Hello,
March was my twenty-first month working on LTS and ELTS. Thank you to
Freexian and Freexian's sponsors for making these projects possible:
<https://www.freexian.com/lts/debian/#sponsors>

LTS

- python3.9
  - Released DLA 4087-1 fixing CVE-2022-0391, CVE-2025-0938 and
    CVE-2025-1795. The upstream bug reports were reporting regressions,
    but I determined that these were pure test suite regressions, so
    went ahead with the fixes.
- vim
  - Released DLA 4097-1 fixing CVE-2021-4173, CVE-2021-4187,
    CVE-2022-0261, CVE-2022-0351, CVE-2022-0359, CVE-2022-0361,
    CVE-2022-0392, CVE-2022-0417, CVE-2022-0572, CVE-2022-1616,
    CVE-2022-1785, CVE-2022-1897, CVE-2022-1942, CVE-2022-2000,
    CVE-2022-2129, CVE-2022-2304, CVE-2022-3099, CVE-2022-3134,
    CVE-2022-3324, CVE-2022-4141, CVE-2023-0054, CVE-2023-1175,
    CVE-2023-2610, CVE-2023-4738, CVE-2023-4752, CVE-2023-4781,
    CVE-2023-5344, CVE-2024-22667, CVE-2024-43802 and CVE-2024-47814.
  - Marked CVE-2025-29768 as not affecting bullseye.
- rubygems
  - Started work on an update for four CVEs; looking into a stable-pu
    for bookworm, first.
- Correspondence.

ELTS

- emacs24
  - Figured out how to do an upstream-style in-tree build so that I
    could run the tests for CVE-2022-45939, which are manual, not run as
    part of the ordinary build.

    This is tricky because Debian's package build is done out-of-tree,
    and there are some adjustments to handle how Debian has long split
    Emacs into two source packages, due to licensing disagreements.

    I documented the steps I figured out on our wiki, and also how I got
    to them.
  - Released ELA-1340-1 fixing CVE-2022-45939, CVE-2024-53920 and
    CVE-2025-1244.

--
Sean Whitton