Re: Enable KGB notifications on #debian-lts for MRs and issues on debian-lts repositories

2025-08-04 Thread Carlos Henrique Lima Melara
proposing enabling KGB > > notifications for MRs and issues in lts-team.pages.debian.net. The > > rationale is not everyone is notified about MRs and issues in that repo, > > but documentation is an important part of our work (specially for > > newcomers and those very difficult pac

Debian LTS and ELTS report: July 2025

2025-08-04 Thread Andrej Shadura
Hello everyone, Here’s my monthly report for the work I’ve done for Debian LTS and ELTS in July 2025. Thanks to Freexian and sponsors for making this possible: https://www.freexian.com/lts/debian/#sponsors LTS === jgit I worked on backporting CVE-2023-4759 for this package, but that proved

Debian LTS and ELTS -- July 2025

2025-08-03 Thread Daniel Leidert
Hi, here are some remarks about my work last month. - snapcast (LTS) I've uploaded DLA 4252-1 fixing one CVE. I also attempted to get in contact with the maintainer to get the improved fix applied to Bookworm. - pytorch (LTS) I have prepped and tested multiple patches for pytorch.

Re: Debian LTS and ELTS report for July 2025

2025-08-01 Thread Sylvain Beucler
number of reverse build dependencies so handling all of those as source uploads would be quite a task. Possibly someone with experience could help me out? That would be much appreciated. As discussed on #debian-lts, dropped from dla-needed.txt. https://salsa.debian.org/security-tracker-team

E?LTS report

2025-08-01 Thread Bastien Roucaries
I've worked during July on the below listed packages, for Freexian LTS/ELTS [1] Many thanks to Freexian and our sponsors [2] for providing this opportunity! ELTS angular.js/stretch - I begin to backport to stretch, triaged CVEs and during the course of a

Debian LTS and ELTS report for July 2025

2025-08-01 Thread Jochen Sprickerhof
In July 2025 I've worked on the below listed packages for Freexian LTS/ELTS [1]. Many thanks to Freexian and our sponsors [2] for providing this opportunity! LTS: - debian-security-support: Worked on a simple test case. Both: - Participated in the (E)LTS meeting. Sprint: I Partici

Debian LTS and ELTS - July 2025

2025-08-01 Thread Sylvain Beucler
Here is my public monthly report. Thanks to our sponsors for making this possible, and to Freexian for handling the offering. https://www.freexian.com/lts/debian/#sponsors LTS - xmlrpc-c and libxmltok (both embed old expat copy, with open vulnerabilities) - Status update (request by LTS

Debian LTS and ELTS report - July 2025

2025-07-31 Thread Carlos Henrique Lima Melara
Hi, I've worked during July 2025 on the below listed packages, for Freexian LTS/ELTS [1]. Many thanks to Freexian and sponsors [2] for providing this opportunity! LTS === - Published DLA-4259-1 for systemd/bullseye to fix CVE-2025-4598. (https://lists.debian.org/debian-lts-announce/20

Debian (E)LTS report for July 2025

2025-07-31 Thread Guilhem Moulin
+deb10u12 (buster) and 2.9.4+dfsg1-2.2+deb9u14 (stretch), and issued ELA-1487-1. https://www.freexian.com/lts/extended/updates/ela-1487-1-libxml2/ Also, filed s-pu bug #1109947 for the latter 4 CVEs, uploaded an NMU to unstable for CVE-2025-6170. mediawiki - Uploaded 1:1.35.13-1+deb11u4 and

Re: Enable KGB notifications on #debian-lts for MRs and issues on debian-lts repositories

2025-07-31 Thread Utkarsh Gupta
Hi Carlos, On Tue, Jul 29, 2025 at 8:18 AM Carlos Henrique Lima Melara wrote: > I brought this proposal up in a previous meeting and would like to > formalize it here in the mailing list. I'm proposing enabling KGB > notifications for MRs and issues in lts-team.pages.debian.net. T

Debian LTS and ELTS report for July 2025

2025-07-30 Thread Andreas Henriksson
In July 2025 I've worked on the below listed packages for Freexian LTS/ELTS [1]. This is my fifth month and unfortunately this month was also plagued by lack of time, mainly because of some well needed vacation. Many thanks to Freexian and our sponsors [2] for providing this opportunity!

Enable KGB notifications on #debian-lts for MRs and issues on debian-lts repositories

2025-07-28 Thread Carlos Henrique Lima Melara
Hi, I brought this proposal up in a previous meeting and would like to formalize it here in the mailing list. I'm proposing enabling KGB notifications for MRs and issues in lts-team.pages.debian.net. The rationale is not everyone is notified about MRs and issues in that repo, but documentati

(E)LTS report for May 2025

2025-07-08 Thread Tobias Frost
I've worked during June 2025 on the below listed package, for Freexian LTS/ELTS [1] Many thanks to Freexian and sponsors [2] for providing this opportunity! nvidia-graphics-drivers === Triaged & started a discussion on how to support the nvidia-graphics-driver pa

Debian LTS and ELTS report for June 2025

2025-07-02 Thread Jochen Sprickerhof
In May 2025 I've worked on the below listed packages for Freexian LTS/ELTS [1]. Many thanks to Freexian and our sponsors [2] for providing this opportunity! LTS: - bullseye/hdf5: Upstream does not provide separate security patches so changes need to be hand picked and verified. Wo

Debian LTS and ELTS -- June 2025

2025-07-01 Thread Daniel Leidert
ython-flask-cors (PU) A PU request has been opened in #1108508 to fix CVE-2024-1681, CVE-2024-6839, CVE-2024-6844, and CVE-2024-6866 after CVE-2024-6839 was actually fixed in Sid (thanks to Carsten for the upload). - u-boot (LTS/PU) I've continued working on the patches for CVE-2021-27138 an

Debian LTS and ELTS - June 2025

2025-07-01 Thread Sylvain Beucler
Here is my public monthly report. Thanks to our sponsors for making this possible, and to Freexian for handling the offering. https://www.freexian.com/lts/debian/#sponsors LTS - dns-root-data - non-security upload: update DNSSEC-related reference data - DLA-4226-1 https

E?LTS report

2025-07-01 Thread Bastien Roucaries
I've worked during June on the below listed packages, for Freexian LTS/ELTS [1] Many thanks to Freexian and our sponsors [2] for providing this opportunity! ELTS krb5 --- I released ELA-1450-1 fixing CVE-2025-3576 twitter-bootstrap3 --- I released ELA-1

Debian LTS and ELTS report - June 2025

2025-06-30 Thread Carlos Henrique Lima Melara
I've worked during June 2025 on the below listed packages, for Freexian LTS/ELTS [1]. Many thanks to Freexian and sponsors [2] for providing this opportunity! LTS === - Published DLA-4213-1 for curl/bullseye to fix CVE-2023-27534 regression. (https://lists.debian.org/debian-lts-ann

Debian (E)LTS report for June 2025

2025-06-30 Thread Guilhem Moulin
. Also, uploaded 1.3.17+dfsg.1-1~deb10u8 (buster) and issued ELA-1462-1 for the aforementioned vulnerability. https://www.freexian.com/lts/extended/updates/ela-1462-1-roundcube/ symfony --- Uploaded 3.4.22+dfsg-2+deb10u4 (buster) and issued ELA-1471-1 https://www.freexian.com/lts/extended

Debian LTS and ELTS report: June 2025

2025-06-30 Thread Andrej Shadura
Hello everyone, Here’s my monthly report for the work I’ve done for Debian LTS and ELTS in June 2025. Thanks to Freexian and sponsors for making this possible: https://www.freexian.com/lts/debian/#sponsors LTS === mbedtls I have uploaded the update I prepared previously fixing 5 CVEs and

LTS Meeting Notes

2025-06-30 Thread Roberto C . Sánchez
Hi Everyone, Here are the notes from the recent monthly LTS contributor meetings. (With my apologies for the delay in sending this out.) Agenda: - Roll Call + "Presents" below - New team members: + No new team members - Action item review: (Roberto) + Action: Clarify g

Debian LTS and ELTS report for June 2025

2025-06-30 Thread Andreas Henriksson
In June 2025 I've worked on the below listed packages for Freexian LTS/ELTS [1]. This is my fourth month and unfortunately this month was also plagued by lack of time. Many thanks to Freexian and our sponsors [2] for providing this opportunity! LTS sslh: I looked into the 2 outstanding

Debian LTS & ELTS -- June 2025

2025-06-30 Thread Sean Whitton
Hello, June was my twenty-fourth month working on LTS and ELTS. Thank you to Freexian and Freexian's sponsors for making these projects possible: <https://www.freexian.com/lts/debian/#sponsors> LTS - libmojolicious-perl - After concluding the e-mail discussion mentioned

Debian LTS and ELTS - May 2025

2025-06-02 Thread Sylvain Beucler
Here is my public monthly report. Thanks to our sponsors for making this possible, and to Freexian for handling the offering. https://www.freexian.com/lts/debian/#sponsors LTS - fossil - Fix client to support remote apache2 patched with CVE-2024-24795. Last year fixes didn't make

Debian LTS and ELTS report: May 2025

2025-06-02 Thread Andrej Shadura
Hello everyone, Here’s my monthly report for the work I’ve done for Debian LTS and ELTS in May 2025. Thanks to Freexian and sponsors for making this possible: https://www.freexian.com/lts/debian/#sponsors Most of the work I did in May was done at the MiniDebConf in Hamburg, which Freexian also

Debian LTS and ELTS report for May 2025

2025-06-02 Thread Jochen Sprickerhof
In May 2025 I've worked on the below listed packages for Freexian LTS/ELTS [1]. Many thanks to Freexian and our sponsors [2] for providing this opportunity! LTS: - Released DLA-4165-1 for open-vm-tools. ELTS: - Released ELA-1427-1 for open-vm-tools. - Released ELA-1430-1 for vim.

Debian LTS and ELTS -- May 2025

2025-06-01 Thread Daniel Leidert
Hi, here are some remarks about my work on LTS and ELTS in May 2025. - python-tornado (LTS/ELTS) DLA-4188-1 has been released to fix CVE-2025-47287. A PU for bookworm has been prepared as well (#1106819). I also backported the fix to Buster. However, I have not yet released it, because

Debian (E)LTS report for May 2025

2025-06-01 Thread Lee Garrett
Hi everyone, In May I did the following LTS work: Due to a misunderstanding I issued DLA 4167-1 (thunderbird) with quite some delay, and had some follow-up discussion. I issued DLA 4183-1 for setuptools, fixing CVE-2025-47273. I also fixed it in bookworm, and applied for a bookworm-pu. I fixed

E?LTS report

2025-06-01 Thread Bastien Roucaries
I've worked during May on the below listed packages, for Freexian LTS/ELTS [1] Many thanks to Freexian and our sponsors [2] for providing this opportunity! LTS === nodejs -- Found CVE-2025-47153 and patched it. Certain build processes for libuv and Node.js for 32-bit systems, su

(E)LTS report for May 2025

2025-06-01 Thread Tobias Frost
I've worked during May 2025 on the below listed packages, for Freexian LTS/ELTS [1] Many thanks to Freexian and sponsors [2] for providing this opportunity! abseil == (Follow up on the work from April), abseil has been fixed in stable as well, via the stable-proposed-updated mechanism

Debian (E)LTS report for May 2025

2025-06-01 Thread Guilhem Moulin
During the month of May 2025 and on behalf of Freexian, I worked on the following: vips Uploaded 8.7.4-1+deb10u2 (buster) and issued ELA-1421-1. https://www.freexian.com/lts/extended/updates/ela-1421-1-vips/ * CVE-2021-27847: Potential DoS due to division by zero issues. dropbear

Debian LTS and ELTS report: May 2025

2025-05-31 Thread Carlos Henrique Lima Melara
Hello, I've worked during May 2025 on the below listed packages, for Freexian LTS/ELTS [1]. Many thanks to Freexian and sponsors [2] for providing this opportunity! LTS === - Published DLA-4159-1 for postgresql-13/bullseye to fix CVE-2025-4207. (https://lists.debian.org/debian-lts-ann

Debian LTS & ELTS -- May 2025

2025-05-31 Thread Sean Whitton
Hello, May was my twenty-third month working on LTS and ELTS. Thank you to Freexian and Freexian's sponsors for making these projects possible: <https://www.freexian.com/lts/debian/#sponsors> LTS - libsoup2.4 - Uploaded an NMU to sid fixing CVE-2025-32906, CVE-2025-32909,

Debian LTS and ELTS report for May 2025

2025-05-30 Thread Andreas Henriksson
In May 2025 I've worked on the below listed packages for Freexian LTS/ELTS [1]. This is my third and unfortunately least productive month, because of high stress level and lack of time caused by external factors. Many thanks to Freexian and our sponsors [2] for providing this opportunity!

Re: linux-image LTS update, where is the DLA?

2025-05-25 Thread Marc SCHAEFER
Hello, On Fri, May 23, 2025 at 12:51:58PM +0200, Marc SCHAEFER wrote: > changelog says: > >linux-signed-amd64 (5.10.237+1) bullseye-security; urgency=high it looks like the DLA was published today, and it's also linked to the recent microcode update. > Is there a reason to upgrade immediate

linux-image LTS update, where is the DLA?

2025-05-23 Thread Marc SCHAEFER
Hello, changelog says: linux-signed-amd64 (5.10.237+1) bullseye-security; urgency=high [ and a very long list of changes, I saw mostly local issues and WiFi ] I don't think I saw the DLA for it in https://www.debian.org/lts/security/ nor e-mail. Is there a reason to up

LTS meeting notes - May

2025-05-22 Thread Roberto C . Sánchez
Hello everyone, Since the May LTS contributor meeting was on IRC, the meeting minutes and logs are available here: http://meetbot.debian.net/debian-lts/2025/debian-lts.2025-05-22-14.00.html Regards, -Roberto -- Roberto C. Sánchez

Re: Debian (E)LTS report for April 2025

2025-05-18 Thread Lee Garrett
upload it after it has been fixed in stable and above. However Christoph prepared an update independently and uploaded it on April 30 [1]. DLA-4167-1 should reach debian-lts-announce@ soon, which also contains the correct CVE list. Regards, Lee Garrett, Debian LTS Team cu Adrian [0

Re: Debian (E)LTS report for April 2025

2025-05-13 Thread Adrian Bunk
> - CVE-2025-3522 > - CVE-2025-2830 >... I am a bit confused regarding what you have done last month. What is the DLA number of your update? Where in git are your changes? > Regards, > Lee Garrett, > Debian LTS Team cu Adrian

Debian (E)LTS report for April 2025

2025-05-13 Thread Lee Garrett
Hi everyone, For LTS I issued DLA-3695-2, which fixed a regression in one of the previous updates. For this I used the new debusine infrastructure, where I also reported a few smaller bugs. I also prepared an update for Thunderbird fixing the following issues: - CVE-2025-2817 - CVE-2025-4082

Re: Xen 4.17 LTS

2025-05-10 Thread Salvatore Bonaccorso
1053246), but we failed to find an external > > > party able to help. > > > The full announcement can be found at > > > https://www.freexian.com/blog/xen-4.17-lts/, and for completeness, you > > > can have the main part of it here below: > > > > Thanks

Re: Xen 4.17 LTS

2025-05-06 Thread Marek Marczykowski-Górecki
n maintainers more in the loop at some point.) > > > > This is something that we had tried to do for Xen 4.14 > > (https://bugs.debian.org/1053246), but we failed to find an external > > party able to help. > > The full announcement can be found at > > https://www.fr

Debian LTS and ELTS report: April 2025

2025-05-03 Thread Carlos Henrique Lima Melara
Hello, I've worked during April 2025 on the below listed packages, for Freexian LTS/ELTS [1]. Many thanks to Freexian and sponsors [2] for providing this opportunity! LTS === - Published DLA-4117-1 for atop/bullseye to fix CVE-2025-31160. (https://lists.debian.org/debian-lts-announce/20

Debian LTS and ELTS report: April 2025

2025-05-02 Thread Andrej Shadura
Hello everyone, Here’s my monthly report for the work I’ve done for Debian LTS and ELTS in April 2025. Thanks to Freexian and sponsors for making this possible: https://www.freexian.com/lts/debian/#sponsors LTS === libnet-easytcp-perl I have uploaded an update for Net::EasyTCP Perl module

Debian LTS and ELTS - April 2025

2025-05-02 Thread Sylvain Beucler
Here is my public monthly report. Thanks to our sponsors for making this possible, and to Freexian for handling the offering. https://www.freexian.com/lts/debian/#sponsors LTS - Front-Desk (week 14 and 15) - Replaced Santiago week 14, so 2 weeks in a row - Mark 22 packages for update, drop

Debian (E)LTS report for April 2025

2025-05-01 Thread Guilhem Moulin
During the month of April 2025 and on behalf of Freexian, I worked on the following: php --- Uploaded 7.3.31-1~deb10u10, 7.0.33-0+deb9u21 and 5.6.40+dfsg-0+deb8u23 respectively for buster ELTS, stretch ELTS and jessie ELTS, and issued ELA-138[3-5]-1. https://www.freexian.com/lts/extended/updates

Debian LTS and ELTS -- April 2025

2025-05-01 Thread Daniel Leidert
Hi, here are some remarks about my work on LTS and ELTS in April 2025. - zfs-linux (LTS) DLA 4114-1 fixing CVE-2013-20001 and CVE-2023-49298 has been released by the beginning of the month. - ruby-saml (LTS) DLA 4115-1 fixing CVE-2025-25291/CVE-2025-25292 and CVE-2025-25293 has been released

Debian LTS and ELTS report for April 2025

2025-05-01 Thread Jochen Sprickerhof
In April 2025 I've worked on the below listed packages for Freexian LTS/ELTS [1]. Many thanks to Freexian and our sponsors [2] for providing this opportunity! LTS: - finished #1053462 in debian-security-support and provided a fix for the related tooling in the security tracker.

Debian LTS & ELTS -- April 2025

2025-04-30 Thread Sean Whitton
Hello, April was my twenty-second month working on LTS and ELTS. Thank you to Freexian and Freexian's sponsors for making these projects possible: <https://www.freexian.com/lts/debian/#sponsors> LTS - glibc - Released DLA-4143-1 addressing CVE-2025-0395. - Marked CVE-2

(E)LTS report for April 2025

2025-04-30 Thread Tobias Frost
I've worked during April 2025 on the below listed packages, for Freexian LTS/ELTS [1] Many thanks to Freexian and sponsors [2] for providing this opportunity! abseil (DLA-4116-1) === Started in March, I've finished the work on abseil to address CVE-2025-0838. I'v

E?LTS report

2025-04-30 Thread Bastien Roucaries
I've worked during April on the below listed packages, for Freexian LTS/ELTS [1] Many thanks to Freexian and our sponsors [2] for providing this opportunity! LTS === ruby3.1 --- I fixed the bookworm open CVE by uploading a new version. I investigated why gems are not built, and fixe

Re: Xen 4.17 LTS

2025-04-30 Thread Salvatore Bonaccorso
Xen 4.14 > (https://bugs.debian.org/1053246), but we failed to find an external > party able to help. > The full announcement can be found at > https://www.freexian.com/blog/xen-4.17-lts/, and for completeness, you > can have the main part of it here below: Thanks for the heads-up on it

Debian LTS and ELTS report for April 2025

2025-04-29 Thread Andreas Henriksson
In April 2025 I've worked on the below listed packages for Freexian LTS/ELTS [1]. This is my second month and the first time for me to announce ELAs. Many thanks to Freexian and our sponsors [2] for providing this opportunity! ELTS = opensaml{,2}: Continuing my work from last mon

Xen 4.17 LTS

2025-04-29 Thread Santiago Ruano Rincón
can be found at https://www.freexian.com/blog/xen-4.17-lts/, and for completeness, you can have the main part of it here below: Freexian is pleased to announce a partnership with Invisible Things Lab (https://invisiblethingslab.com/) to extend the security support of the Xen type-1 hypervisor

LTS meeting notes - April

2025-04-25 Thread Roberto C . Sánchez
Hello everyone, Here are the notes from the April LTS contributor meeting: - Roll Call - New team members: (no new team members in the past month) - Action item review: (Roberto) + Action: (a) update the team docs to make this [package claim/note policy] a bit more clear, and (b) write an

Re: Debian LTS BoF at DebConf 25?

2025-04-18 Thread Bastien Roucaries
On Monday 14 April 2025, 02:49:35 Central European Summer Time, Santiago Ruano Rincón wrote: > Hi there! > > Who is interested in having an LTS BoF during DC 25? > > Part of the topics that we could discuss is the security-tracker-related > work that we plan to tackle d

Re: Debian LTS BoF at DebConf 25?

2025-04-16 Thread Carlos Henrique Lima Melara
Hi, On Sun, Apr 13, 2025 at 09:49:35PM -0300, Santiago Ruano Rincón wrote: > Who is interested in having an LTS BoF during DC 25? I'm also interested! If all goes well, I plan to join DebCamp too from the start. Cheers, Charles

Re: Debian LTS BoF at DebConf 25?

2025-04-16 Thread Lucas Kanashiro
Hi, On Sun, 2025-04-13 at 21:49 -0300, Santiago Ruano Rincón wrote: > Hi there! > > Who is interested in having an LTS BoF during DC 25? I am also interested o/ Cheers, Lucas Kanashiro

Re: Debian LTS BoF at DebConf 25?

2025-04-16 Thread Santiago Ruano Rincón
On 16/04/25 at 15:06, Sylvain Beucler wrote: > Hi, > > On 14/04/2025 02:49, Santiago Ruano Rincón wrote: > > Who is interested in having an LTS BoF during DC 25? > > > > Part of the topics that we could discuss is the security-tracker-related > > work that

Re: Debian LTS BoF at DebConf 25?

2025-04-16 Thread Sylvain Beucler
Hi, On 14/04/2025 02:49, Santiago Ruano Rincón wrote: Who is interested in having an LTS BoF during DC 25? Part of the topics that we could discuss is the security-tracker-related work that we plan to tackle during DebCamp (BTW, deadline for bursaries is tomorrow, 2025-04-14!). If LTS

Debian LTS BoF at DebConf 25?

2025-04-13 Thread Santiago Ruano Rincón
Hi there! Who is interested in having an LTS BoF during DC 25? Part of the topics that we could discuss is the security-tracker-related work that we plan to tackle during DebCamp (BTW, deadline for bursaries is tomorrow, 2025-04-14!). If LTS sponsors are planning to attend, it would be a nice

Debian LTS and ELTS report for March 2025

2025-04-05 Thread Andreas Henriksson
In March 2025 I've worked on the below listed packages for Freexian LTS/ELTS [1]. This was my first official month of LTS/ELTS work (after being onboarded last month). I thus had to investigate some efforts in getting up to speed with all the procedures but I have not counted that overhead

Debian (E)LTS report for March 2025

2025-04-05 Thread Lee Garrett
Hi everyone, For ELTS I created integration tests for autopkgtest-build-qemu to ensure that building qemu images for ELTS/LTS releases and running tests on those does not regress in the future. [0] I discussed with Helmut running those regularly on Freexian infrastructure. [1] I debugged

Debian LTS and ELTS report for March 2025

2025-04-05 Thread Jochen Sprickerhof
In March 2025 I've worked on the below listed packages for Freexian LTS/ELTS [1]. Many thanks to Freexian and our sponsors [2] for providing this opportunity! LTS: - Published DLA-4083-1 for squid/bullseye. - Worked on fixing #1053462 in debian-security-support. - Helped Lee with a sec

(E)LTS report for March 2025

2025-04-05 Thread Tobias Frost
I've worked during March 2025 on the below listed packages, for Freexian LTS/ELTS [1] Many thanks to Freexian and sponsors [2] for providing this opportunity! intel-microcode (DLA-4095-1, ELA-1364-1) Intel updated their provided microcodes, this u

Debian LTS and ELTS - March 2025

2025-04-04 Thread Sylvain Beucler
Here is my public monthly report. Thanks to our sponsors for making this possible, and to Freexian for handling the offering. https://www.freexian.com/lts/debian/#sponsors LTS - openvpn review - Continue reviewing proposed update by @aquilamacedo https://salsa.debian.org/debian/openvpn

Re: bson CVEs in (E)LTS

2025-04-04 Thread Roberto C . Sánchez
On Mon, Mar 31, 2025 at 04:20:08PM +0100, Chris Lamb wrote: > Adrian Bunk wrote: > > > It would make sense if the same person fixes the CVEs in all copies of > > the bson code in all releases. > > Indeed it would. If someone has a connection or history with any of > these packages already, I'd b

Report for (E)?LTS of March

2025-04-01 Thread Bastien Roucariès
I've worked during March on the below listed packages, for Freexian LTS/ELTS [1] Many thanks to Freexian and our sponsors [2] for providing this opportunity! ELTS proftpd --- I have fixed CVE-2024-57392 I have fixed testsuite I released ELA-1343-1 I investigate possible regre

Debian (E)LTS report for March 2025

2025-03-31 Thread Guilhem Moulin
numerous names or name constraints. (The LTS part of the work was done in February with DLA-4063-1.) https://www.freexian.com/lts/extended/updates/ela-1352-1-gnutls28/ sqlparse Uploaded 0.2.4-1+deb10u2 (buster), 0.2.2-1+deb9u2 (stretch) and 0.1.13-2+deb8u1 (jessie), and issued ELA-1341

Debian LTS and ELTS report: February 2025

2025-03-31 Thread Andrej Shadura
Hello everyone, Here’s my monthly report for the work I’ve done for Debian LTS and ELTS in March 2025. Thanks to Freexian and sponsors for making this possible: https://www.freexian.com/lts/debian/#sponsors LTS === nginx I have uploaded an update for nginx fixing CVE-2025-23419 and CVE

Re: bson CVEs in (E)LTS

2025-03-31 Thread Chris Lamb
Adrian Bunk wrote: > It would make sense if the same person fixes the CVEs in all copies of > the bson code in all releases. Indeed it would. If someone has a connection or history with any of these packages already, I'd be more than happy to relinquish my claim on mongo-c-driver so they are all

Re: bson CVEs in (E)LTS

2025-03-31 Thread Salvatore Bonaccorso
> > > supersedes src:libbson/stretch > > > ... > > > > For ELTS having libbson there would be useful: > > > > mongo-c-driver > >- libbson (embed) > >- libbson-xs-perl (embed) > > If the Security Team agrees, let's keep libbson

Re: Bug#1082927: flatpak [LTS]: CVE-2024-42472: sandbox escape for apps with --persist=DIR permission

2025-03-31 Thread Adrian Bunk
On Mon, Mar 31, 2025 at 04:40:37PM +0100, Simon McVittie wrote: >... > LTS team members are welcome to push those changes and their tags to the > debian/bullseye branches in <https://salsa.debian.org/debian/flatpak> and > <https://salsa.debian.org/debian/bubblewrap>

Debian LTS and ELTS -- March 2025

2025-03-31 Thread Daniel Leidert
Hi, here are some remarks about my work on LTS and ELTS in March 2025. - zfs-linux (LTS) I've prepared an upcoming DLA fixing CVE-2013-20001 and CVE-2023-49298 and tested the changes in a VM. The DLA is about to be released within the next days. - u-boot (LTS) I've prepared an up

Re: bson CVEs in (E)LTS

2025-03-31 Thread Roberto C . Sánchez
oint. I already pinged Chris via IRC to ask him to let me take over the mongo-c-driver specifically, since he claimed them already this morning but I already have the context on them and I was already in coordination w/ Salvatore. > Copies of the bson code are also in the (E)LTS supported packa

Re: bson CVEs in (E)LTS

2025-03-31 Thread Sylvain Beucler
ng: https://salsa.debian.org/freexian-team/extended-lts/security-tracker/-/commit/c253f47c1b82fc8f40729aaf3cf5b4a8731115b9 (libbson-xs-perl however doesn't fit renamed-packages* and still needs to be handled as embedded copy.) Cheers! Sylvain

Re: Bug#1082927: flatpak [LTS]: CVE-2024-42472: sandbox escape for apps with --persist=DIR permission

2025-03-31 Thread Simon McVittie
Version: 1.10.8-0+deb11u3 On Sat, 28 Sep 2024 at 14:24:41 +0100, Simon McVittie wrote: https://github.com/flatpak/flatpak/security/advisories/GHSA-7hgv-f2j8-xw87 This is fixed in stable, testing and unstable but I'm opening a bug to represent this in (E)LTS. I am not intending to work on

Re: bson CVEs in (E)LTS

2025-03-31 Thread Chris Lamb
Roberto C. Sánchez wrote: > Can you confirm that it's OK for me to go ahead and take over your > claims on mongo-c-driver? Yes, absolutely; please go ahead and claim. Regards, -- ,''`. : :' : Chris Lamb `. `'` la...@debian.org 🍥 chris-lamb.co.uk `-

Re: bson CVEs in (E)LTS

2025-03-31 Thread Adrian Bunk
On Mon, Mar 31, 2025 at 04:42:59PM +0200, Sylvain Beucler wrote: >... > Do we want to update data/embedded-code-copies to reference libbson-xs-perl? > > e.g. > diff --git a/data/embedded-code-copies b/data/embedded-code-copies > index 19611b261b..77696af1af 100644 > --- a/data/embedded-code-copies

Re: bson CVEs in (E)LTS

2025-03-31 Thread Roberto C . Sánchez
On Mon, Mar 31, 2025 at 04:42:59PM +0200, Sylvain Beucler wrote: > > Do we want to update data/embedded-code-copies to reference libbson-xs-perl? > > e.g. > diff --git a/data/embedded-code-copies b/data/embedded-code-copies > index 19611b261b..77696af1af 100644 > --- a/data/embedded-code-copies >

Re: bson CVEs in (E)LTS

2025-03-31 Thread Sylvain Beucler
Hi, On 31/03/2025 16:25, Roberto C. Sánchez wrote: On Mon, Mar 31, 2025 at 04:58:25PM +0300, Adrian Bunk wrote: Copies of the bson code are also in the (E)LTS supported packages libbson/stretch and libbson-xs-perl/bullseye. I am aware of libbson/stretch but not of libbson-xs-perl/bullseye. I

Re: bson CVEs in (E)LTS

2025-03-31 Thread Roberto C . Sánchez
On Mon, Mar 31, 2025 at 10:25:54AM -0400, Roberto C. Sánchez wrote: > > one who developed the patch to this specific CVE). > By "this specific CVE" I refer to the most recent CVE (CVE-2025-0755), but I plan to take care of the other no-dsa CVEs along the way. Regards, -Roberto -- Roberto C. Sá

bson CVEs in (E)LTS

2025-03-31 Thread Adrian Bunk
Hi, mongo-c-driver was added to *la-needed.txt yesterday, and someone already claimed it to fix the 4 bson CVEs (and a non-bson CVE) in bullseye and buster. Copies of the bson code are also in the (E)LTS supported packages libbson/stretch and libbson-xs-perl/bullseye. Front Desk / Security

Debian LTS & ELTS -- March 2025

2025-03-29 Thread Sean Whitton
Hello, March was my twenty-first month working on LTS and ELTS. Thank you to Freexian and Freexian's sponsors for making these projects possible: <https://www.freexian.com/lts/debian/#sponsors> LTS - python3.9 - Released DLA 4087-1 fixing CVE-2022-0391, CVE-2025-0938 and

Re: Debian LTS and ELTS report: March 2025

2025-03-29 Thread Arturo Borrero Gonzalez
ep working on this package in the next > month. > > Other people should take care of the remaining steps to fix this CVE in > the > > ELTS releases. > > I'm happy to pick this up. Please unclaim libmodbus in ela-needed.txt > or simply ack that it's ok if I hijac

Re: Debian LTS and ELTS report: March 2025

2025-03-29 Thread Andreas Henriksson
's ok if I hijack it from you there. > > regards. > > [1] https://www.freexian.com/lts/ > [2] https://www.freexian.com/lts/debian/#sponsors > [3] > https://salsa.debian.org/lts-team/packages/libmodbus/-/blob/debian/jessie-security/debian/patches/CVE-2024-10918.patch > > Regards, Andreas Henriksson

Debian LTS and ELTS report: March 2025

2025-03-28 Thread Arturo Borrero Gonzalez
Hello, This is my March 2025 monthly report for the Freexian LTS/ELTS [1] initiative. Many thanks to Freexian and sponsors [2] for providing this opportunity! LTS: I did not do any LTS work this month. ELTS: I worked on the libmodbus package for Debian Jessie. In particular, I’ve

Bug#1100929: debian-security-support: Mark odoo as EOL'ed in bullseye LTS

2025-03-20 Thread Santiago Ruano Rincón
Package: debian-security-support Version: 1:13+2025.01.30 Severity: normal X-Debbugs-Cc: debian-lts@lists.debian.org Hello there, I would like to propose EOL'ing odoo in bullseye, because 14.0 has been EOL'ed by upstream and the complexity of backporting patches seems to be too high.

Debian (E)LTS report for February 2025

2025-03-05 Thread Lee Garrett
Hi everyone, For ELTS I fixed a few autopkgtests in dnsmasq after review by Lucas Kanashiro and finally uploaded dnsmasq on jessie and stretch, fixing: - CVE-2023-50868 ("NSEC3" issue) - CVE-2023-50387 ("keytrap" issue) For LTS I fixed jinja2 in bookworm: CVE-2024-56201 CV

Debian LTS and ELTS report for February 2025

2025-03-03 Thread Paride Legovini
Hi, This is a summary on the work I did for Debian LTS and ELTS in February 2025. Thanks to Freexian and sponsors for making this possible [0]. This is the first month I've been active on LTS/ELTS. Many thanks to Santiago for all the guidance and feedback he gave me during the onboarding pr

Debian (E)LTS report for February 2025

2025-03-02 Thread Guilhem Moulin
-12133: DoS while parsing a certificate containing numerous SEQUENCE OF or SET OF elements. Also, uploaded 4.13-3+deb10u2 (buster), 4.10-1.1+deb9u3 (stretch) and 4.2-3+deb8u6 (jessie), and issued ELA-1336-1 for the aforementioned vulnerability. https://www.freexian.com/lts/extended/updates/ela

(E)LTS report for February 2025

2025-03-02 Thread Tobias Frost
I've worked during February 2025 on the below listed packages, for Freexian LTS/ELTS [1] Many thanks to Freexian and sponsors [2] for providing this opportunity! freerdp2 (DLA-4053-1, DLA-4070-1, stable The situation for freerdp2 was that there were

Debian LTS and ELTS - February 2025

2025-03-01 Thread Sylvain Beucler
Here is my public monthly report. Thanks to our sponsors for making this possible, and to Freexian for handling the offering. https://www.freexian.com/lts/debian/#sponsors LTS - cacti - Review and test candidates for DLA-4048-1 and DSA-5862-1 (by @rouca) https://lists.debian.org/debian

Debian LTS and ELTS report for February 2025

2025-03-01 Thread Jochen Sprickerhof
In February 2025 I've worked on the below listed packages for Freexian LTS/ELTS [1]. Many thanks to Freexian and our sponsors [2] for providing this opportunity! LTS: - Published DLA-4041-1 fixing CVE-2024-42367 in python-aiohttp/bullseye Thanks to Daniel for reviewing my changes. - W

Debian LTS and ELTS -- February 2025

2025-02-28 Thread Daniel Leidert
Hi, here are some remarks about my work on LTS and ELTS in February 2025. - asterisk (ELTS/LTS) DLA-4042-1 was released fixing CVE-2024-53566. ELA-1319-1 was released fixing CVE-2024-53566 in Buster and Stretch. - trafficserver (LTS) DLA 4055-1 was released fixing CVE-2024-38479 and CVE

Debian LTS and ELTS report: February 2025

2025-02-28 Thread Andrej Shadura
Hello everyone, Here’s my monthly report for the work I’ve done for Debian LTS and ELTS in February 2025. Thanks to Freexian and sponsors for making this possible: https://www.freexian.com/lts/debian/#sponsors LTS === golang-glog I have uploaded what seemed a fairly simple update fixing a

Report for (E)?LTS of February

2025-02-28 Thread Bastien Roucariès
I've worked during February on the below listed packages, for Freexian LTS/ELTS [1] Many thanks to Freexian and our sponsors [2] for providing this opportunity! LTS === ruby2.7 --- I have fixed a regression and a previous DSA cacti --- Fix CVE and release a DSA 5862-1

Debian LTS & ELTS -- February 2025

2025-02-28 Thread Sean Whitton
Hello, February was my twentieth month working on LTS and ELTS. Thank you to Freexian and Freexian's sponsors for making these projects possible: <https://www.freexian.com/lts/debian/#sponsors> LTS - vim - I started preparing an update to address tens of CVEs last month.

LTS meeting notes

2025-02-27 Thread Lucas Kanashiro
Hi everyone, Here are the notes from today's LTS meeting: - Roll Call - New team members (Roberto/Santiago) + Paride Legovini (paride) + Andreas Henrikson (ah) - Action item review: (roberto) + Action: clearly document our preferences/understandings for when to work in maint

Re: LTS Support on Power Architecture

2025-02-17 Thread Markus Koschany
Hi Kiruthika, On Friday, 14.02.2025 at 13:48 +0530, kiruthikaanbusuresh wrote: > Hi Markus, > We do not want to provide unofficial service for ppc64le. We want to get > ppc64le, Debian-LTS certified by Debian. We want to be officially Debian-LTS > certified. May I red
