Debian LTS and ELTS -- March 2024

2024-04-01 Thread Daniel Leidert
Hi, I was working on three packages this month. For pdns-recursor in Buster, I added patches for CVE-2020-14196 and CVE-2020-25829. Unfortunately, the upload is currently still blocked by #1067124. Thus, no DLA has been issued yet. I also prepared patches for dnsmasq in Buster to fix CVE-2019-14

Report for (E)?LTS of March

2024-04-01 Thread Bastien Roucariès
I've worked during March on the below listed packages, for Freexian LTS/ELTS [1]. Many thanks to Freexian and our sponsors [2] for providing this opportunity! LTS === composer -- I triaged #1063603/CVE-2024-24821 and confirmed that this CVE does not affect buster. I backported local

Debian LTS report for March 2024

2024-04-01 Thread Guilhem Moulin
During the month of March 2024 and on behalf of Freexian, I worked on the following: phpseclib - Uploaded 1.0.19-3~deb10u3 and issued DLA-3749-1. https://lists.debian.org/msgid-search/?m=zeck08zg6y-jz...@debian.org * CVE-2024-27354: An attacker can construct a malformed certificate