Hi, here are some remarks about my work on LTS and ELTS in March 2025.

- zfs-linux (LTS)
  I've prepared an upcoming DLA fixing CVE-2013-20001 and CVE-2023-49298
  and tested the changes in a VM. The DLA is about to be released within
  the next days.

- u-boot (LTS)
  I've prepared an upcoming DLA fixing CVE-2022-34835, CVE-2022-33967,
  CVE-2022-33103, CVE-2022-30790/CVE-2022-30552, CVE-2022-30767,
  CVE-2022-2347, CVE-2024-57254, CVE-2024-57255, CVE-2024-57256,
  CVE-2024-57257, CVE-2024-57258, and CVE-2024-57259. The update will
  require some more testing before the DLA can happen.

- ruby-saml (LTS)
  I've prepared an upload fixing CVE-2025-25291/CVE-2025-25292 and
  CVE-2025-25293. The upload is delayed until I can fix the issues in
  unstable as well. I'm currently waiting for feedback on this topic.

- mysql-connector-python (ELTS)
  I've prepared patches to fix CVE-2019-2435, CVE-2024-21272, and
  CVE-2025-21548. I had to create a special environment and fix the test
  suite to be able to make some test runs. It is unclear if the remaining
  issues can be fixed as well. Some more testing is required before the
  ELA can happen.

- misc
  I spent a bit of time researching some other packages in LTS and ELTS
  like odoo, libmodbus, mina. I didn't take them for different reasons,
  but added the patch links to the security tracker and some notes for
  fellow contributors in case they want to take them.

- Bookworm PUs
  There was little progress with the PU for fort-validator.

Thanks to Freexian and Freexian's sponsors for making these projects
possible: https://www.freexian.com/lts/debian/#sponsors

Regards,
Daniel