Hello,

March was my twenty-first month working on LTS and ELTS. Thank you to Freexian and Freexian's sponsors for making these projects possible: <https://www.freexian.com/lts/debian/#sponsors>

LTS

- python3.9
  - Released DLA 4087-1 fixing CVE-2022-0391, CVE-2025-0938 and CVE-2025-1795. The upstream bug reports were reporting regressions, but I determined that these were pure test suite regressions, so went ahead with the fixes.
- vim
  - Released DLA 4097-1 fixing CVE-2021-4173, CVE-2021-4187, CVE-2022-0261, CVE-2022-0351, CVE-2022-0359, CVE-2022-0361, CVE-2022-0392, CVE-2022-0417, CVE-2022-0572, CVE-2022-1616, CVE-2022-1785, CVE-2022-1897, CVE-2022-1942, CVE-2022-2000, CVE-2022-2129, CVE-2022-2304, CVE-2022-3099, CVE-2022-3134, CVE-2022-3324, CVE-2022-4141, CVE-2023-0054, CVE-2023-1175, CVE-2023-2610, CVE-2023-4738, CVE-2023-4752, CVE-2023-4781, CVE-2023-5344, CVE-2024-22667, CVE-2024-43802 and CVE-2024-47814.
  - Marked CVE-2025-29768 as not affecting bullseye.
- rubygems
  - Started work on an update for four CVEs; looking into a stable-pu for bookworm, first.
- Correspondence.

ELTS

- emacs24
  - Figured out how to do an upstream-style in-tree build so that I could run the tests for CVE-2022-45939, which are manual, not run as part of the ordinary build. This is tricky because Debian's package build is done out-of-tree, and there are some adjustments to handle how Debian has long split Emacs into two source packages, due to licensing disagreements. I documented the steps I figured out on our wiki, and also how I got to them.
  - Released ELA-1340-1 fixing CVE-2022-45939, CVE-2024-53920 and CVE-2025-1244.

-- 
Sean Whitton