I've worked during October on the packages listed below, for Freexian
LTS/ELTS [1].
Many thanks to Freexian and our sponsors [2] for providing this opportunity!
LTS
===
firmware-nonfree
--------------------------
I triaged and proposed to postpone the newer issue and remove it from dla-needed, due to low impact, and to follow bookworm/trixie.
pgpool2
-------------
I analysed the backport and failed to patch due to a missing MAIN macro. I proposed a backport
by replacing it with the old equivalent MASTER macro.
I fixed the tests, thanks to myon.
I released DLA-4334-1.
libphp-adodb
-------------------
I found that, for the old version, CVE-2025-54119 affects the legacy sqlite driver.
I patched it and released DLA-4340-1.
imagemagick
--------------------
I investigated a potential regression found on Ubuntu. The fix was made on Debian.
I triaged CVE-2025-62171.
I fixed CVE-2025-62171 for sid, trixie and bookworm.
I fixed CVE-2025-62171 for bullseye and released DLA-4339-1.
I proposed a PU for fixing trixie.
zabbix
----------
I triaged the bug and added the commit fixing the problems.
I updated the patches and tried the new version.
I am working with the previous DLA committer (ta) to maybe do a full backport.
dnsdist
----------
I triaged the remaining CVEs.
I proposed a PU for trixie.
I proposed fixes for bookworm.
Fixes for CVE-2023-44487 need forward-ported h2o fixes.
I proposed to the maintainer to EOL dnsdist for bookworm and older, due to lack of upstream support.
squid
--------
I backported fixes for CVE-2025-62168 (CVSS 10) and released a DSA. The DLA is under way, with more testing needed.
ELTS
====
freeipa
----------
I released ELA-1534-1.
squid
--------
I backported from bullseye.
imagemagick
--------------------
I released ELA-1545-1 fixing CVE-2025-62171.
libphp-adodb
-------------------
I found that, for the old version, CVE-2025-54119 affects the legacy sqlite driver.
I released ELA-1546-1 fixing CVE-2025-54119.
nginx
--------
I released an ELA fixing CVE-2024-33452, CVE-2024-7347 and CVE-2025-23419.
ca-certificates
--------------------
I tried to fix gcc6/stretch.
adminer
------------
I tried to clarify the impact of CVE-2025-43960 with upstream.
Determined that this CVE is unimportant for Debian.
icedtea-web
-----------------
I fixed CVE-2019-1018{1,2,5}.
Released ELA-1553-1.
node-form-data
-----------------------
I fixed CVE-2025-7783.
tomcat9
------------
Fixed sid to be more recent than bullseye.
Debugged the FTBFS for buster.
Added changelog and NEWS.
Thanks to apo for the long discussion about this package.
Waiting for test review for the DLA.
jetty9
---------
Triaged CVEs.
Determined by code analysis that there is nothing to do:
CVE-2024-13009 should be ignored, like CVE-2020-27218.
stretch is not affected by CVE-2025-5115.
mariadb-10.1
------------------
Determined that CVE-2023-529(69|70) is too hard to backport. The code is fragile, with more than 60 KB of patches. Impact is low (DoS).
mariadb-10.1 is not affected by CVE-2023-52968 because the functionality was introduced later.
dnsroot
-----------
Determined that action should be taken before July.
Coordinated with the dnsroot maintainer.
Other
=====
I added the ENISA tracker to the security tracker in order to help our European users.
I attended the monthly meeting.
I attended the security tracker meeting.
Cheers
rouca
[1] https://www.freexian.com/lts/
[2] https://www.freexian.com/lts/debian/#sponsors