E?LTS report

To: debian-lts@lists.debian.org
Subject: E?LTS report
From: Bastien Roucaries <rouca@debian.org>
Date: Thu, 01 May 2025 00:22:17 +0200
Message-id: <[🔎] 13893197.DAOxP5AVGn@debian-ei>

I've worked during April on the below listed packages, for Freexian
LTS/ELTS [1]

Many thanks to Freexian and our sponsors [2] for providing this opportunity!

LTS
===

ruby3.1
-----------
I Fix bookworm opened CVE by uploading a new version
I Investigated why gems are not build, and fixed the problems.

twitter-bootstrap3
--------------------------

I  Fix cve-2024-6484/cve-2024-6485 for sid
I Propose a PU for bookworm
I Relase DLA-4124-1

twitter-bootstrap4
----------------------------

I Fix CVE-2024-6531 by creating a patch
I Release DLA-4125-1
I fix Sid
I Propose a PU

wpa
------

I propose a bookworm PU fixing CVE-2022-37660
I fix CVE-2022-37660/CVE-2022-23304/CVE-2022-23303 bullseye
I Release DLA 4123-1

erlang
----------

I Fix bookworm CVE-2023-48795/CVE-2025-26618/CVE-2025-30211 and propose a PU
I Backport fixes to bullseye
I Fix CVE-2025-32433 (RCE CVCSS 10)
I Release DLA-4132-1

ELTS
====

ruby2.1
-----------

I Release ELA-1381-1 fixing CVE-2025-27219, CVE-2025-27220, CVE-2025-27221

ruby2.3
-----------

I Release ELA-1374-1 fixing CVE-2025-27219, CVE-2025-27220, CVE-2025-27221

proftpd/stretch
----------------------

I investigate regression with beuc
I document how to test sftp on stretch
I Rewrite and backport pr_str_text_to_array
I relase ELA-1343-2 thanks to Lucas Kanashiro

postgresSQL/buster,stretch
---------------------------------------

I Backport CVE-2025-1094 fixes
I Fix testsuite due to tzdata changes
I Release ELA-1398-1
I Backport to strech and wait review

wpa
-------

I propose a backport for buster from bullseye

erlang
----------

I Backported CVE-2023-48795/CVE-2025-26618/CVE-2025-30211 fix to buster and 
stretch
I Release ELA-1387-1 erlang

twitter-bootstrap3
---------------------------

I Backported to buster and stretch
I Fix jessie by backporting stretch

Other
=====

I attend montly meeting.

I was FD

A special thanks to santiago, beuc, kanashiro and roberto for testing.

Cheers

rouca

[1]  https://www.freexian.com/lts/
[2]  https://www.freexian.com/lts/debian/#sponsors

Attachment: signature.asc
Description: This is a digitally signed message part.

Reply to:

Prev by Date: Re: Xen 4.17 LTS
Previous by thread: Debian LTS and ELTS report for April 2025
Index(es):
- Date
- Thread