Hi,

here are some remarks about my work on LTS and ELTS in April 2025.

- zfs-linux (LTS)
  DLA 4114-1 fixing CVE-2013-20001 and CVE-2023-49298 has been released by the beginning of the month.

- ruby-saml (LTS)
  DLA 4115-1 fixing CVE-2025-25291/CVE-2025-25292 and CVE-2025-25293 has been released by the beginning of the month.

- u-boot (LTS)
  After testing the prepared changes, DLA 4150-1 has been released fixing CVE-2022-34835, CVE-2022-33967, CVE-2022-33103, CVE-2022-30790/CVE-2022-30552, CVE-2022-30767, CVE-2022-2347, CVE-2024-57254, CVE-2024-57255, CVE-2024-57256, CVE-2024-57257, CVE-2024-57258, and CVE-2024-57259.

- nagvis (LTS)
  DLA-4149-1 fixing CVE-2021-33178, CVE-2022-3979, CVE-2022-46945, CVE-2023-46287, CVE-2024-13722, CVE-2024-13723, and CVE-2024-47093 has been released. I also began looking into backporting nagvis in the future, which makes more sense due to the high amount of security-related fixes which often are not assigned a CVE number.

- libreoffice (LTS)
  An upload has been prepared that will fix CVE-2025-1080 and CVE-2025-2866. The tests during build succeed, which is a good sign. The package will undergo a quick user test, and the DLA can be expected within the next days.

- mysql-connector-python (ELTS)
  ELA-1413-1 fixing CVE-2019-2435, CVE-2024-21272, and CVE-2025-21548 has been released after I was finally able to fix and run the testsuite. I started looking into the remaining issues. Thanks to Roberto and Adrian for looking into the suspected patches and providing feedback.

- misc
  I documented my findings regarding the test-suites of zfs-linux and mysql-connector-python, and I've added patch links I found to the security tracker.

- Bookworm PUs
  Unfortunately, no progress was made with the PU for fort-validator.

Thanks to Freexian and Freexian's sponsors for making these projects possible: https://www.freexian.com/lts/debian/#sponsors

Regards,
Daniel