Hi,
I am funded by Freexian SARL and thus reporting about my work in October
2023.
I reviewed the patch for CVE-2023-44487 in h2o backported by Anton
Gladky regarding the ABI break in the shared library. Here, the
difficulty arises from the need to add runtime state to an exported
structure (whic
Hi,
I am funded by Freexian SARL and thus reporting about my work in
September 2023. In previous months I worked on other topics than LTS. I
no longer include funding aspects here to avoid duplication with the
Freexian funding blog, so this is just about LTS/ELTS.
In September, I uploaded python2
Hi,
I am funded by Freexian SARL and thus reporting about my work in
April 2023.
(E)LTS
==
I issued DLA-3393-1 and ELA-836-1 for protobuf in buster, stretch and
jessie. In that process, I deemed three out of six vulnerabilities (all
being denial of service conditions in the Java implementati
Hi,
I am funded by Freexian SARL and thus reporting about my work in
March 2023.
(E)LTS
==
I issued a regression update for my previous security update of sox for
all suites. Thanks to the security team for coordination and doing the
stable part.
I issued a security update for joblib to all
Hi,
I am funded by Freexian SARL and thus reporting about my work in
February 2023.
(E)LTS
==
I promised an update of heimdal since December. We finally are there.
The thing that took us so long was CVE-2022-45142 and you can get the
details from https://www.openwall.com/lists/oss-security/2
Hi,
I am funded by Freexian SARL and thus reporting about my work in January
2023.
LTS
===
I issued DLA-3265-1 for exiv2 fixing 26 CVEs. I continued the heimdal
saga. We finally have an embargo deadline being February 8th. I started
working on sox. The embargo for sox will end tomorrow. Stay tu
Hi,
I am funded by Freexian SARL and thus reporting about my work in
December 2022.
LTS
===
* I issued DLA-3223-1 for giflib.
* I reviewed the joblib DLA and reopened it.
* I issued DLA-3226-1 for cgal.
* I issued DLA-3233-1 for leptonlib.
* I started working on exiv2, but ran out of time.
* I s
Hi,
I am funded by Freexian SARL and thus reporting about my work in
November 2022.
LTS
===
I issued DLA-3204-1 for vim and DLA-3214-1 for libraw. These took care
of all outstanding issues including no-dsa ones at the time of their
release.
ELTS
I finished my work on the glibc update, whi
Hi,
I am funded by Freexian SARL and thus reporting about my work in
October 2022.
LTS
===
I issued DLA-3133-1 for lighttpd fixing a denial of service
vulnerability in buster.
I issued DLA-3152-1 for glibc fixing 14 CVEs in buster and triaged a few
more. Thus far one regression has surfaced. P
Hi Sylvain,
On Wed, Oct 12, 2022 at 03:45:11PM +0200, Sylvain Beucler wrote:
> I'll give it some testing on my buster system.
Thank you. I take the absence of a further response as "nothing broke".
> A couple things I noticed right now:
>
> - dist in debian/changelog should be 'buster-security'
Hi,
I've prepared a LTS update for glibc and seek people testing it. Builds
for amd64 and armhf as well as a .debdiff are available from
http://subdivi.de/~helmut/glibc_lts.
I plan to fix no less than 14 CVEs. Those mostly fall into one of the
following categories:
* 4 * iconv
* 2 * unix socket
Hi Anton,
On Mon, Jun 27, 2022 at 09:12:11PM +0200, Anton Gladky wrote:
> Thus you can get an experience with dealing of such uploads. Anyway, for
> LTS we do not have any point releases. So basically it is possible to fix
> even those CVEs which are not DSA-considered. But for not-important issue
-1,3 +1,10 @@
+openscad (2019.01~RC2-2+deb10u2) UNRELEASED; urgency=high
+
+ * Non-maintainer upload by the LTS Team.
+ * Fix input validation (CVE-2022-0496 and CVE-2022-0497) (Closes: #1005641)
+
+ -- Helmut Grohne Wed, 22 Jun 2022 22:06:51 +0200
+
openscad (2019.01~RC2-2+deb10u1) buster;
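Review bot: the new entry's header line still carries UNRELEASED as the distribution, so it needs to be switched to the actual target suite before this is built for upload. The line "Fix input validation (CVE-2022-0496 and CVE-2022-0497)" also does not say which patch files carry the fix; naming them in the changelog entry would let someone reading the changelog map each CVE to its change.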