Debian LTS and ELTS report - June 2025
I've worked during June 2025 on the below listed packages, for
Freexian LTS/ELTS [1].
Many thanks to Freexian and sponsors [2] for providing this opportunity!
LTS
===
- Published DLA-4213-1 for curl/bullseye to fix CVE-2023-27534
  regression.
  (https://lists.debian.org/debian-lts-announce/2025/06/msg00011.html)
- Triaged CVE-2025-4598/systemd
  - Backported and tested the fix for bullseye.
  - Fix is ready, but mailed debian-lts@l.d.o to get feedback about
    fixing a stack overflow bug when using CoredumpFilter such as
    systemd-run -t --property CoredumpFilter=all ls /tmp.
    (https://lists.debian.org/debian-lts/2025/06/msg00035.html)
ELTS
====
- Published ELA-1455-1 for curl/jessie to fix CVE-2023-27534,
  CVE-2023-28321 and CVE-2023-28322.
  (https://www.freexian.com/lts/extended/updates/ela-1455-1-curl/)
- Published ELA-1068-2 for curl/stretch,buster to fix CVE-2023-27534
  regression.
  (https://www.freexian.com/lts/extended/updates/ela-1068-2-curl/)
- Started to work on openvpn to fix CVE-2022-0547 and CVE-2024-5594.
Both
====
- Chased down a regression in the upstream fix for CVE-2023-27534
  affecting all suites (ELTS, LTS, stable, testing and sid).
  (https://github.com/curl/curl/issues/17534)
  - Submitted a patch upstream to fix the bug
    (https://github.com/curl/curl/commit/0ede81dcc61844cecce8904fb4de24319afeb024)
  - Applied the fix to all suites but sid/testing.
    - samueloph did it for sid/testing (thanks!).
  - Submitted bookworm-pu (#1107902).
    (https://bugs.debian.org/1107902)
Tooling, Documentation and Misc.
================================
- Improvements to LTS website:
  - Fixed LTS website "Installing" page changing a reference from
    Buster to Bullseye.
    (https://salsa.debian.org/lts-team/lts-team.pages.debian.net/-/commit/e4d5381973002d49e935573891d352fbbc942054)
  - Add info about current LTS (bullseye) architecture support in FAQ.
    (https://salsa.debian.org/lts-team/lts-team.pages.debian.net/-/merge_requests/20)
- Attended (E)LTS meeting
Best regards,
Charles
[1] https://www.freexian.com/lts/
[2] https://www.freexian.com/lts/debian/#sponsors