I've worked during May 2025 on the below listed packages, for Freexian LTS/ELTS [1] Many thanks to Freexian and sponsors [2] for providing this opportunity! abseil ====== (Follow up on the work from April), abseil has been fixed in stable as well, via the stable-proposed-updated mechanism, and a fixed abseil package is available with Debian 12.11 (See #1102135) simplesamlphp (ELA-1422-1, DLA 4161-1) ====================================== Following up on the work from April, ELA-1422-1 and DLA 4161-1 - targeting buster - has been released. A challenge on this package was to properly test the changes, and for that I've set up several VMS to provide Identity Provider and Service Provider roles. Additionally, there was an issue to be solved with the web interface not loading after admin login. (The issue was present without the patches as well), so this took some time to find a solution for this issue. Also I've adressed stable, currently pending as a stable-proposed-update, filed as #1105113. intel-microcode (ELA-1425-1, DLA 4170-1) ======================================== Intel released microcode updates, targeting in total 12 CVEs. Those updates have been included into the LTS and ELTS intel-microcode packages. Please refer to the announcements for details on the CVEs. kitty (DLA-4203-1) ================== For bookworm, I've targeted CVE-2022-41322 and triaged CVE-2025-43929, with the result that this CVE does not impact the version in bullseye, as the vulnerable feature have been introduced later. I've also triaged it for buster, but on that version, both CVEs are caused by features not available in that version. [1] https://www.freexian.com/lts/ [2] https://www.freexian.com/lts/debian/#sponsors Cheers, -- tobi
Attachment:
signature.asc
Description: PGP signature