Hi, here are some remarks about my work on LTS and ELTS in January 2025.

- python-tornado (ELTS/LTS)
  ELA-1287-1 was released for Stretch and Buster fixing CVE-2023-28370 and CVE-2024-52804.

- fort-validator (LTS)
  An update for Buster is almost ready, fixing CVE-2024-45234 .. CVE-2024-45239. The patch for CVE-2024-48943 is currently being worked on. The DLA is to be expected in February.

- trafficserver (LTS)
  Unfortunately, no clarification about CVE-2024-50306 has been received. There are strong indications, though, that the 8.x series is affected. A DLA will be prepared by the beginning of February.

- tryton-server, tryton-client (LTS)
  DLA 4022-1 was released fixing one vulnerability (without an assigned CVE number).

- icinga2 (ELTS)
  Slow progress has been made with the icinga2 update for Jessie. ELA can be expected in February.

- misc (LTS/ELTS)
  I looked into multiple packages and their open CVEs and searched the patches for the issues reported, but returned them to the pool for different reasons. I reported my findings to the security tracker (and the LTS documentation), though. This includes consul, openafs, snapcast, and percona-toolkit. I also reviewed the proposed upload of python-aiohttp for Buster by jspricke. Due to time constraints, no progress was made with mysql-connector-python this month.

- setuptools/python-asyncssh/python-tornado (Bookworm PU)
  Bookworm PUs for the mentioned packages were accepted and released as part of the Debian 12.9 point release.

Thanks to Freexian and Freexian's sponsors for making these projects possible: https://www.freexian.com/lts/debian/#sponsors

Regards,
Daniel