I've worked during October on the packages listed below, for Freexian LTS/ELTS [1].

Many thanks to Freexian and our sponsors [2] for providing this opportunity!

LTS
===

ruby2.7
-------
* I clarified with upstream the status of CVEs and the commits fixing the CVEs
* I fixed CVE-2024-35176, CVE-2024-41946, CVE-2024-49761, CVE-2024-43398
* Fixed SALSA CI
* I backported CVE-2024-39908 fixes and CVE-2024-41123
* I investigated CVE-2025-0306 and clarified that fixing this CVE will need an openssl backport
* I released DLA

node-mocha
----------
Backported fixes for the nanoid component, fixing CVE-2021-23566 and CVE-2024-55565.
DLA 4013-1

node-postcss
------------
I did a PU upload fixing CVE-2021-23566 and CVE-2024-55565, following the previous DLA

libreoffice
-----------
I backported CVE-2024-12425 and CVE-2024-12426
I fixed a build failure under pbuilder
I released DLA 4020-1

ELTS
====

ca-certificates-java
--------------------
ca-certificates-java failed to install. Fixed it and released ELA-1285-1

libreoffice
-----------
I backported CVE-2024-12425 and CVE-2024-12426 from buster to jessie.
As usual, progress with this package is slow due to massive code changes, particularly with jessie, which is EOL upstream and in other distributions.
I released ELAs

ruby2.5
-------
Backported the rexml gem from bullseye. Patching was too risky and difficult
Fixed a regression under ruby2.5
Note that progress is slow due to syntax changes
I released ELA-1305-1

Common task
===========
I was on FD duty, triaged a few CVEs and helped the security team find commits fixing security issues
I attended the monthly meeting

Cheers

rouca

[1] https://www.freexian.com/lts/
[2] https://www.freexian.com/lts/debian/#sponsors