[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

(E)LTS report for May 2025



I've worked during May 2025 on the below listed packages, for
Freexian LTS/ELTS [1]

Many thanks to Freexian and sponsors [2] for providing this opportunity!

abseil
======

(Follow up on the work from April), abseil has been fixed in stable as
well, via the stable-proposed-updated mechanism, and a fixed abseil
package is available with Debian 12.11 (See #1102135)

simplesamlphp (ELA-1422-1, DLA 4161-1)
======================================

Following up on the work from April, ELA-1422-1 and DLA 4161-1 -
targeting buster - has been released. 

A challenge on this package was to properly test the changes, and for
that I've set up several VMS to provide Identity Provider and Service
Provider roles. Additionally, there was an issue to be solved with the
web interface not loading after admin login. (The issue was present
without the patches as well), so this took some time to find a solution
for this issue.

Also I've adressed stable, currently pending as a
stable-proposed-update, filed as #1105113.


intel-microcode (ELA-1425-1, DLA 4170-1)
========================================

Intel released microcode updates, targeting in total 12 CVEs.
Those updates have been included into the LTS and ELTS intel-microcode
packages.

Please refer to the announcements for details on the CVEs.


kitty (DLA-4203-1)
==================

For bookworm, I've targeted CVE-2022-41322 and triaged CVE-2025-43929,
with the result that this CVE does not impact the version in bullseye,
as the vulnerable feature have been introduced later.

I've also triaged it for buster, but on that version, both CVEs are
caused by features not available in that version.


[1]  https://www.freexian.com/lts/ [2]
https://www.freexian.com/lts/debian/#sponsors

Cheers, 
-- 
tobi

Attachment: signature.asc
Description: PGP signature


Reply to: