Hello,
September was my sixteenth month working on LTS and ELTS. Thank you to
Freexian and Freexian's sponsors for making these projects possible:
<https://www.freexian.com/lts/debian/#sponsors>
LTS
- libsepol
- Released DLA-3930-1 fixing CVE-2021-36084, CVE-2021-36085,
CVE-2021-36086 and CVE-2021-36087.
These problems were all discovered by Google's oss-fuzz project.
It was straightforward to backport upstream's fixes.
- Submitted my notes on running libsepol's test suite to the team
wiki, for the next person to work on this package. It's somewhat
tricky because of how selinux is developed upstream in a single
repository that becomes multiple source packages in Debian.
Fortunately, the build system is straightforward enough that it only
takes a few additional steps to get the test suite running.
- ghostscript
- Released DLA-3931-1 fixing CVE-2024-29508.
- openssl
- Released DLA-3942-1 fixing CVE-2023-5678, CVE-2024-0727,
CVE-2024-2511, CVE-2024-4741, CVE-2024-5535 and CVE-2024-9143.
- Correspondence.
ELTS
- libsepol
- Released ELA-1209-1 fixing CVE-2021-36084, CVE-2021-36085,
CVE-2021-36086 and CVE-2021-36087.
- openssl
- Started work on an ELA for openssl fixing CVE-2023-5678,
CVE-2024-0727, CVE-2024-2511, CVE-2024-4741, CVE-2024-5535 and
CVE-2024-9143.
--
Sean Whitton
