LTS: glibc: - First part of work released as DLA-3807-1 in May.
gtkwave: - DLA-3785-1 and DSA-5653-1 were released in April, but the actual work was done and submitted for review in March. pillow: - Determined that CVE-2021-25291 does not affect buster. - Released DLA-3786-1, fixing CVE-2024-28219. ruby-rack: - Released DLA-3800-1, fixing CVE-2024-25126, CVE-2024-26141 and CVE-2024-26146. - These fixes were also uploaded to unstables and submitted for bullseye and bookworm. trafficserver: - Released DLA-3799-1, fixing CVE-2024-31309. zabbix: - Determined that CVE-2022-40626 does not affect <= bullseye - Released DLA-3798-1, fixing CVE-2024-22119. xorg-server: - Released DLA-3787-1, fixing CVE-2024-31080, CVE-2024-31081 and CVE-2024-31083. ELTS: glibc: - First part of work released as ELA-1087-1 in May for jessie and stretch openexr: - Determined that CVE-2024-31047 does not affect the binary packages in stretch or buster. pillow: - Released ELA-1079-1, fixing CVE-2024-28219 in jessie and stretch. ruby-rack: - Determined that CVE-2024-25126 does not affect jessie or stretch. - Released ELA-1081-1, fixing CVE-2024-26141 and CVE-2024-26146 in stretch. zabbix: - Determined that CVE-2024-22119 (sole remaining not ignored CVE) does not affect jessie or stretch. xorg-server: - Released ELA-1072-1, fixing CVE-2024-31080, CVE-2024-31081 and CVE-2024-31083 in jessie and stretch.
