Hi, I am funded by Freexian SARL and thus reporting about my work in February 2023.

(E)LTS
======

I promised an update of heimdal since December. We finally are there. The thing that took us so long was CVE-2022-45142 and you can get the details from https://www.openwall.com/lists/oss-security/2023/02/08/1. The update has finally been released to all suites from jessie to unstable. Much thanks to Salvatore Bonaccorso for his support through all of this.

I also promised an update of sox. This was special, because rather than porting fixes, I had to come up with them on my own. It turned out that what I thought to be a new vulnerability in my January report turned out to be an integer overflow I happened to insert myself. Since this was only very briefly in unstable (-3.1), there is no separate CVE. Yet, these sox vulnerabilities are now fixed in all suites from jessie to unstable.

Debian
======

 * I filed 9 FTCBFS patches and helped include existing ones in the Qt6 stack.
 * I worked with the CTTE (mostly recruiting and keeping up to date with /usr-merge) and participated in the monthly meeting.
 * I continued maintaining rebootstrap (e.g. loong64 and musl updates).
 * I polished debvm for bookworm and it now supports --initsystem.

Helmut