During the month of January 2025 and on behalf of Freexian, I worked on the following:

python-reportlab
----------------

Uploaded 3.1.8-3+deb8u3 (jessie) and issued ELA-1289-1.
https://www.freexian.com/lts/extended/updates/ela-1289-1-python-reportlab/

  * CVE-2019-19450: Code injection in paraparser.py allows code execution
  * CVE-2020-28463: Server-side request forgery via <img> tags.

opensc
------

0.23.0-0.3+deb12u2 was accepted into Bookworm (12.9)

python-urllib3
--------------

1.26.12-1+deb12u1 was accepted into Bookworm (12.9)

sqlparse
--------

0.4.2-1+deb12u1 was accepted into Bookworm (12.9)

sssd
----

Uploaded 1.15.0-3+deb9u3 (stretch) and 1.16.3-3.2+deb10u3 (buster) and issued ELA-1315-1.
https://www.freexian.com/lts/extended/updates/ela-1315-1-sssd/

  * CVE-2018-10852: Information leak from the sssd-sudo responder.
  * CVE-2018-16838: Improper implementation of GPOs due to too restrictive permissions.
  * CVE-2019-3811: Fallback_homedir returns '/' for empty home directories in passwd file.
  * CVE-2023-3758: Race condition during authorization leads to GPO policies functioning inconsistently.

(1.16.3-3.2+deb10u3 only contains the fix for CVE-2023-3758 as the previous version was already immune to the other issues.)

Also, started working on an upload to bullseye-security, but didn't finalize yet.

Thanks to the sponsors for financing the above, and to Freexian for coordinating!

-- 
Guilhem.