Hi everyone,
in December I manually tested CVE-2023-50387 and CVE-2023-50868 ("keytrap" and
"NSEC3" security issues) in dnsmasq buster and released it. For bookworm I
uploaded the package fixing those CVEs to the stable-updates queue. I was able
to validate that dnsmasq stretch is also affected and prepared a release for it.
However, I ran into issues preparing the autopkgtest VM (which was unbootable),
and then later in running the autopkgtests (which failed, even before the patches).
I also prepared an ansible-core update for bookworm, importing the bugfix
release 2.14.18 (which fixes CVE-2024-8775 and CVE-2024-9902), and also manually
patched CVE-2024-11079. For ansible bullseye I also started patching the latter CVE.
Thanks to our sponsors for financing this work, and to Freexian for
coordinating!
Regards,
Lee Garrett,
Debian LTS Team
