LTS:

apr:
- Determined that CVE-2023-49582 (sole unfixed CVE)
  does not affect the binary package in bullseye.

ghostscript:
- Determined that CVE-2024-46952 does not affect <= bullseye.
- Released DLA-3965-1, fixing CVE-2024-46951, CVE-2024-46953,
  CVE-2024-46955 and CVE-2024-46956.

glib2.0:
- Released DLA-3962-1, fixing CVE-2024-52533.

guix:
- Released DLA-3959-1, fixing CVE-2024-52867.

libarchive:
- Released DLA-3950-1, fixing CVE-2021-36976, CVE-2022-26280,
  CVE-2022-36227 and CVE-2024-20696.

python3.9:
- Determined that CVE-2020-27619 was already fixed.
- Released DLA-3980-1, fixing CVE-2015-20107, CVE-2020-10735,
  CVE-2021-3426, CVE-2021-3733, CVE-2021-3737, CVE-2021-4189,
  CVE-2021-28861, CVE-2021-29921, CVE-2022-42919, CVE-2022-45061,
  CVE-2023-6597, CVE-2023-24329, CVE-2023-27043, CVE-2023-40217,
  CVE-2024-0397, CVE-2024-0450, CVE-2024-4032, CVE-2024-6232,
  CVE-2024-6923, CVE-2024-7592, CVE-2024-8088, CVE-2024-9287
  and CVE-2024-11168.
- Submitted a package fixing CVE-2023-27043, CVE-2024-6923,
  CVE-2024-7592, CVE-2024-9287 and CVE-2024-11168 in the next
  bookworm point release.
- Due to a binary-all FTBFS of the first upload the DLA was
  published in December, but most work was done in November.

rclone:
- Determined that CVE-2024-52522 (sole unfixed CVE)
  does not affect <= bullseye.

redis:
- Determined that CVE-2024-31449 does not affect the binary
  package in bullseye.
- Released DLA-3973-1, fixing CVE-2022-35977 and CVE-2024-31228.
- Submitted a package fixing CVE-2024-31227, CVE-2024-31228 and
  CVE-2024-31449 in the next bookworm point release.

waitress:
- Backported changes to run the upstream test suite at build time.
- Released DLA-3955-1, fixing CVE-2024-49769.


ELTS:

apr:
- Determined that CVE-2023-49582 (sole unfixed CVE)
  does not affect the binary package in buster, stretch
  or jessie.

ghostscript:
- Determined that CVE-2024-46954 does not affect <= buster.
- Backported the autopkgtest to stretch and jessie.
- Released ELA-1243-1, fixing CVE-2024-46951, CVE-2024-46953,
  CVE-2024-46955 and CVE-2024-46956 in buster, stretch
  and jessie.

glib2.0:
- Released ELA-1240-1, fixing CVE-2024-52533 in buster, stretch
  and jessie.

libarchive:
- Released ELA-1233-1, fixing CVE-2024-20696 in buster, stretch
  and jessie.

qtbase-opensource-src:
- Determined that CVE-2023-51714 does not affect jessie.
- Determined that CVE-2024-39936 does not affect stretch or jessie.
- Fixed the build on i386 and armhf in buster,
  where the previous DLA was never successfully built.
- Released ELA-1239-1, fixing CVE-2023-34410 in buster, stretch
  and jessie, and CVE-2023-24607, CVE-2023-32763, CVE-2023-33285,
  CVE-2023-37369 and CVE-2023-38197 in jessie.

redis:
- Determined that CVE-2024-31227 does not affect <= buster.
- Determined that CVE-2024-31449 does not affect jessie.
- Determined that CVE-2024-31449 does not affect the binary
  package in buster.
- Backported the autopkgtest to jessie.
- Released ELA-1253-1, fixing CVE-2022-35977, CVE-2023-25155 and
  CVE-2024-31228 in buster, stretch and jessie, CVE-2022-36021
  in stretch and jessie, and CVE-2024-31449 in stretch.

waitress:
- Released ELA-1236-1, fixing CVE-2024-49769 in buster.


