During the month of February 2024 and on behalf of Freexian, I worked on the following:
gnutls28
--------

Uploaded 3.6.7-4+deb10u12 and issued DLA-3740-1
https://lists.debian.org/msgid-search/?m=zdxck-hkepfc8...@debian.org

  * CVE-2024-0553: Timing side-channel attack in the RSA-PSK key exchange.

nodejs
------

  * Backported upstream fix for CVE-2024-22025 (DoS by resource exhaustion
    in fetch() brotli decoding) and fixed the upstream test suite.
  * Started working on a fix for CVE-2023-46809 (Marvin Attack, timing
    variant of the Bleichenbacher attack against PKCS#1 v1.5 padding) but
    this is still work in progress.

dask.distributed
----------------

  * Fix failing DEP-8 tests for buster.
  * Started working on a fix for CVE-2021-42343 but didn't upload yet.

Thanks to the sponsors for financing the above, and to Freexian for
coordinating!

-- 
Guilhem.