I've worked during October on the below listed packages, for Freexian LTS/ELTS [1]

Many thanks to Freexian and our sponsors [2] for providing this opportunity!

LTS
===

Ansible
-----------
I Fix CVE-2024-11079
I am Investigating autopkgtest failure

gstreamer
---------------
I Fix CVE-2024-47537
I Release DLA-3994-1

gst-plugin-base1.0
---------------------------
I Release DLA-3999-1 fixing CVE-2024-47538 CVE-2024-47541 CVE-2024-47542 CVE-2024-47600 CVE-2024-47607 CVE-2024-47615 CVE-2024-47835

tcpdf
--------
I Help bunk with CVE-2024-22640

libxtream-java
----------------------
I Fix CVE-2021-43859 and CVE-2024-47072
I Release DLA-4001-1
I Propose PU #1091084

cacti
-------
bookworm fix CVE-2024-43362, CVE-2024-43363
Backport to bullseye
Update embedded purify.js fixing CVE-2024-45801, CVE-2024-47875, CVE-2024-48910
Waiting for review

node-postcss
--------------------
I Backport fix of CVE-2023-44270 and CVE-2024-55565
I Detect that nanoid was also embedded in mocha/bullseye
I Propose PU
I Release DLA 4003-1

ELTS
====

apache2
------------
I attempted to fix CVE-2024-38473 and regression for stretch. Backport was hard due to massive code change.
I am going to investigate regression in uwsgi, maybe unrelated

python3.5
---------------
Following previous month's work
I Release ELA-1262-1

python3.4
---------------
I fix CVE-2024-6923 and CVE-2024-7592 CVE-2024-6923 CVE-2024-9287 CVE-2024-11168
I release ELA-1267-1

mariadb-10.1
-------------------
I Release ELA-1265-1

python2.7
---------------
I fix the test suite and get the test suite to pass.

libxtream-java
---------------------
I Fix CVE-2021-43859 and CVE-2024-47072 for buster
I Found that it FTBFS due to package ca-certificates-java and I propose a patch for fixing this.

zookeeper
---------------
I release PU fixing all CVEs opened
I Triaged CVE-2024-23944 as ignored after a risk analysis

ca-certificates-java
---------------------------
Backport fixes from bullseye of #1039472
Discover that it fails to build due to self depends and propose a way to solve this problem.

proftp-dfsg
----------------
I Backport stretch and buster fixes
I wait for kex test suite

gstreamer
---------------
Fix CVE-2024-47537
Release ELA-1281-1

gst-plugin-base(1.0|0.10)
-------------------------------------
Release ELA-1282-1 fixing CVE-2024-47538 CVE-2024-47541 CVE-2024-47542 CVE-2024-47600 CVE-2024-47607 CVE-2024-47615 CVE-2024-47835
Release ELA-1283-1 and triage remaining CVEs for gst-plugin-base0.10

gstreamer0.10
---------------------
I Confirmed that CVE-2024-47537 does not affect this version

Cheers

rouca

[1] https://www.freexian.com/lts/
[2] https://www.freexian.com/lts/debian/#sponsors