Hello,
This is my January 2025 monthly report for the Freexian LTS/ELTS [1] initiative.
Many thanks to Freexian and sponsors [2] for providing this opportunity!
LTS:
====
I worked on 1 LTS package this month: frr
Some highlights:
* worked with upstream developers to backport and test a fix for CVE-2024-55553
* released DSA-4029-1 [3] for frr
Please note, that Debian Bookworm stable is also vulnerable to CVE-2024-55553. A
patch was generated (and tested) to fix it, and a debdiff was submitted to the
security team, but they rejected it because they had other plans.
ELTS:
====
I worked on 2 ELTS packages this month: activemq and frr.
Some highlights:
* released ELA-1330-1 [4] for frr
* CVE-2023-46604/activemq -- patch backported, and round of reviews completed
* CVE-2018-11775/activemq -- patch backported, and round of reviews completed
I don’t plan to keep working on activemq in the next months. Other people should
take care of the upload and create the ELA.
regards.
[1] https://www.freexian.com/lts/
[2] https://www.freexian.com/lts/debian/#sponsors
[3] https://lists.debian.org/debian-lts-announce/2025/01/msg00023.html
[4] https://www.freexian.com/lts/extended/updates/ela-1300-1-frr/
