Debian LTS and ELTS report: February 2025

To: debian-lts@lists.debian.org
Subject: Debian LTS and ELTS report: February 2025
From: "Andrej Shadura" <andrewsh@debian.org>
Date: Mon, 31 Mar 2025 21:55:28 +0200
Message-id: <[🔎] 3ab28523-1347-4061-b4f1-7d0fb251c934@app.fastmail.com>

Hello everyone,

Here’s my monthly report for the work I’ve done for Debian LTS
and ELTS in March 2025.

Thanks to Freexian and sponsors for making this possible:
https://www.freexian.com/lts/debian/#sponsors

LTS
===

nginx

  I have uploaded an update for nginx fixing CVE-2025-23419 and
  CVE-2024-7347 that I have previously prepared last month. Since Jan,
  the Debian maintainer, uploaded a stable update fixing CVE-2025-23419,
  in order to avoid regressions for users upgrading from bullseye I
  needed to prepare an upload fixing the other bug.
  This has been approved, and I uploaded another nginx package version
  into proposed-updates.

mbedtls

  I started work on an update to mbedtls.
  There are a bunch of CVEs that the most recent 2.16 version fixes, but it also
  brings a few updates that have previously been questioned by the release
  team (https://bugs.debian.org/1006169#20). Instead, I took a route of
  cherry-picking the relevant fixes only.
  This is still a work in progress at the moment.

ELTS
====

I haven’t done anything for ELTS this month.

-- 
Cheers,
  Andrej

Reply to:

Prev by Date: Debian LTS and ELTS -- March 2025
Next by Date: Re: bson CVEs in (E)LTS
Previous by thread: Debian LTS and ELTS -- March 2025
Index(es):
- Date
- Thread