After completing on-boarding in November, I've worked during December on the below listed packages, for Freexian LTS/ELTS [1]
Many thanks to Freexian and our sponsors [2] for providing this opportunity! LTS: ==== - virglrenderer -- DLA 3232-1, fixing CVEs: CVE-2019-18388 CVE-2019-18389 CVE-2019-18390 CVE-2019-18391 CVE-2020-8002 CVE-2020-8003 CVE-2022-0135 - pngcheck -- DLA-3238-1, fixing CVE-2020-35511 - libde265 -- DLA-3240-1, fixing CVE-2020-21599 CVE-2021-35452 CVE-2021-36408 CVE-2021-36409 CVE-2021-36410 CVE-2021-36411 - multipath-tools -- DLA-3250-1, fixing CVE-2022-41973 CVE-2022-41974 ELTS: ===== - libde265 -- ELA-755-1, fixing CVE-2020-21599 CVE-2021-35452 CVE-2021-36409 CVE-2021-36410 CVE-2021-36411 - exempi -- ELA-758-1, fixing CVE-2017-18233 CVE-2017-18234 CVE-2017-18235 CVE-2017-18236 CVE-2017-18237 CVE-2017-18238 CVE-2018-7728 CVE-2018-7729 CVE-2018-7730 CVE-2018-7731 CVE-2018-12648 CVE-2021-36045 CVE-2021-36046 CVE-2021-36047 CVE-2021-36048 CVE-2021-36050 CVE-2021-36051 CVE-2021-36052 CVE-2021-36053 CVE-2021-36054 CVE-2021-36055 CVE-2021-36056 CVE-2021-36057 CVE-2021-36058 CVE-2021-36064 CVE-2021-39847 CVE-2021-40716 CVE-2021-40732 CVE-2021-42528 CVE-2021-42529 CVE-2021-42530 CVE-2021-42531 CVE-2021-42532 - bluez-firmware -- triaging with the result that jessie/stretch/buster is not affected. - libapreq2 -- triaging and trying to isolate the required patch. (waiting for feedback from upstream.) - modsecurity-crs -- started to prepare a fix for several open CVEs, will be continued in January. [1] https://www.freexian.com/lts/ [2] https://www.freexian.com/services/debian-lts.html#sponsors -- tobi
signature.asc
Description: PGP signature
