Debian LTS and ELTS report: February 2025
Hello everyone,
Here’s my monthly report for the work I’ve done for Debian LTS
and ELTS in March 2025.
Thanks to Freexian and sponsors for making this possible:
https://www.freexian.com/lts/debian/#sponsors
LTS
===
nginx
I have uploaded an update for nginx fixing CVE-2025-23419 and
CVE-2024-7347 that I have previously prepared last month. Since Jan,
the Debian maintainer, uploaded a stable update fixing CVE-2025-23419,
in order to avoid regressions for users upgrading from bullseye I
needed to prepare an upload fixing the other bug.
This has been approved, and I uploaded another nginx package version
into proposed-updates.
mbedtls
I started work on an update to mbedtls.
There are a bunch of CVEs that the most recent 2.16 version fixes, but it also
brings a few updates that have previously been questioned by the release
team (https://bugs.debian.org/1006169#20). Instead, I took a route of
cherry-picking the relevant fixes only.
This is still a work in progress at the moment.
ELTS
====
I haven’t done anything for ELTS this month.
--
Cheers,
Andrej
Reply to: