LTS: e2fsprogs: - Enabled the upstream tests during the build. - Released DLA-3910-1, fixing CVE-2022-1304.
fcgiwrap: - Discussed and documented that the CVE-2024-32004/git regression does not affect <= bullseye. ikiwiki-hosting: - Discussed and documented that the CVE-2024-32004/git regression does not affect <= bullseye. libgsf: - Released DLA-3911-1, fixing CVE-2024-36474 and CVE-2024-42415. mediawiki: - Determined that CVE-2024-47913 (sole unfixed CVE) does not affect bullseye. python-cryptography: - Determined that CVE-2024-26130 does not affect bullseye or buster. - Released DLA-3922-1, fixing CVE-2023-23931 and CVE-2023-49083. - Fixed CVE-2023-49083 and CVE-2024-26130 in the bookworm 12.8 point release. ELTS: e2fsprogs: - Enabled the upstream tests during the build. - Released ELA-1196-1, fixing CVE-2022-1304 in buster, stretch and jessie. ffmpeg: - Determined that CVE-2020-20451 was already fixed in buster. - Determined that CVE-2020-22041 was already fixed in buster. - Determined that CVE-2020-22044 was already fixed in buster. - Determined that CVE-2020-22046 was already fixed in buster. - Determined that CVE-2020-22048 was already fixed in buster. - Determined that CVE-2023-49501 does not affect stretch. - Determined that CVE-2024-7055 does not affect <= buster. - Released ELA-1222-1, fixing CVE-2020-22040, CVE-2023-49502 and CVE-2024-32230 in buster and stretch, and CVE-2020-20898, CVE-2020-22051, CVE-2020-22056, CVE-2021-38090, CVE-2021-38091, CVE-2021-38092, CVE-2021-38093, CVE-2021-38094, CVE-2022-48434, CVE-2023-50010, CVE-2023-51793, CVE-2023-51794, CVE-2023-51798 and CVE-2024-31578 in buster. gtk+2.0: - Released ELA-1202-1, fixing CVE-2024-6655 in buster, stretch and jessie gtk+3.0: - Released ELA-1201-1, fixing CVE-2024-6655 in buster, stretch and jessie libgsf: - Released ELA-1200-1, fixing CVE-2024-36474 and CVE-2024-42415 in buster and stretch libseccomp: - Released ELA-1232-1, fixing CVE-2019-9893 in buster, stretch and jessie libsepol: - Determined that CVE-2021-36084, CVE-2021-36085, CVE-2021-36086 and CVE-2021-36087 (all unfixed CVEs) do not affect jessie. libxml2: - Released ELA-1195-1, fixing CVE-2016-9318 in buster. ntfs-3g: - Released ELA-1197-1, fixing CVE-2023-52890 in buster and stretch. python-cryptography: - Determined that CVE-2020-36242 does not affect buster. - Released ELA-1215-1, fixing CVE-2020-25659 in buster. shadow: - Released ELA-1220-1, fixing CVE-2018-7169, CVE-2023-4641 and CVE-2023-29383 in buster and stretch. vlc: - Released ELA-1194-1, fixing CVE-2024-46461 in buster and stretch.
