Hello, I've worked during April 2025 on the below listed packages, for Freexian LTS/ELTS [1].
Many thanks to Freexian and sponsors [2] for providing this opportunity! LTS === - Published DLA-4117-1 for atop/bullseye to fix CVE-2025-31160. (https://lists.debian.org/debian-lts-announce/2025/04/msg00013.html) ELTS ==== - Triaged CVE-2024-2398/curl and CVE-2024-8096/curl. - Backported and tested the fixes for buster and stretch. - Published ELA-1386-1 for curl/buster,stretch to fix CVE-2024-2398 and CVE-2024-8096. (https://www.freexian.com/lts/extended/updates/ela-1407-1-curl/) - Published ELA-1386-1 for atop/buster to fix CVE-2025-31160. (https://www.freexian.com/lts/extended/updates/ela-1386-1-atop/) Both ==== - Triaged CVE-2025-31160/atop. - Backported and tested the fixes for bullseye and buster. - Triaged CVE-2025-32460/graphicsmagick. - Does not affect bullseye and older. (https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2131e59bb768f70e794cd47aa300f14c2f85f192) - Triaged CVE-2024-11053/curl. - Does not affect bullseye and older. (https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f10e119d863ce97d242080104093b9027c492600) Tooling and Documentation ========================= - devscripts - Pushed Bunk's patch to bump the LTS version to bullseye in debchange (dch). (https://salsa.debian.org/debian/devscripts/-/commit/42aa6d69f966db31e4e4d7f9b8a093f214b0af31) - lts-team.pages.debian.net - Clarified the information about updating package DB. (https://salsa.debian.org/lts-team/lts-team.pages.debian.net/-/merge_requests/17) - Updated debian/curl to have up-to-date ELTS branches and archived lts-team/packages/curl. (https://salsa.debian.org/lts-team/lts-updates-tasks/-/issues/205) Best regards, Charles [1] https://www.freexian.com/lts/ [2] https://www.freexian.com/lts/debian/#sponsors
