Hello everyone,

Here’s my monthly report for the work I’ve done for Debian LTS and ELTS in December 2024.

Thanks to Freexian and sponsors for making this possible: https://www.freexian.com/lts/debian/#sponsors

LTS
===

389-ds-base

I have prepared an update for this package fixing a bunch of CVEs, but it hasn’t yet been uploaded pending a review and some co-ordination with the Debian maintainer of the package. Most of the fixes were straightforward cherry-picks, but a few I had to skip as they brought in too much code as dependencies, or had massive merge conflicts:

* CVE-2024-6237: code dependencies too big for me personally to review, and risk potential regressions elsewhere. Removing them has its own risk as the upstream code hasn’t been tested in such a configuration at all.
* CVE-2022-1949: similarly as above
* CVE-2023-1055: merge conflicts in JSX code, I don’t have sufficient skills to review that, unfortunately.

ELTS
====

I haven’t done anything for ELTS yet, but I still plan to port fixes for CVEs from my previous LTS updates to Buster as well.

--
Cheers,
Andrej