Hi,
This month's activity consisted of:
- release UWSGI fixing CVE-2023-27522, initially reported against apache2 but
that may affect old versions of uwsgi. I have reported this finding to the CVE
database and the CVE was updated.
- the main part of the work was on imagemagick package:
*
During the month of May 2023 and on behalf of Freexian, I worked on the
following:
* DLA-3424-1 for python-ipaddress=1.0.17-1+deb10u1
CVE-2020-14422
https://lists.debian.org/msgid-search/?m=zglark8btpj4t...@debian.org
* DLA-3425-1 for sqlparse=0.2.4-1+deb10u1
CVE-2023-30608
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
- -
Debian LTS Advisory DLA-3440-1 debian-...@lists.debian.org
https://www.debian.org/lts/security/ Thorsten Alteholz
June 01, 2023
Version: 3.1.12~ds-3+deb10u2
Thanks for your report and the detailed replies. I could reproduce the problem
and identify a wrongly applied commit in libatalk/adouble/ad_open.c. After
applying a new patch to fix it, the AppleDouble v2 format seems to work as
intended again. I'm going to close
-
Debian LTS Advisory DLA-3426-2 debian-...@lists.debian.org
https://www.debian.org/lts/security/ Markus Koschany
June 01, 2023 https://wiki.debian.org/LTS
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Thu, 1 Jun 2023 18:36:29 CEST
Source: netatalk
Architecture: source
Version: 3.1.12~ds-3+deb10u2
Distribution: buster-security
Urgency: high
Maintainer: Debian Netatalk team
Changed-By: Markus Koschany
Checksums-Sha1:
Hello Wanna-build team,
I'm part of the Debian LTS Team, and along with the Security Team, we're
looking into making embargo'd build logs eventually public.
See https://salsa.debian.org/lts-team/lts-extra-tasks/-/issues/51
Typical use case: when the LTS Team is working on the first LTS
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Wed, 31 May 2023 21:30:27 +0200
Source: cups
Architecture: source
Version: 2.2.10-6+deb10u7
Distribution: buster-security
Urgency: high
Maintainer: Debian Printing Team
Changed-By: Thorsten Alteholz
Changes:
cups
Here is my public monthly report.
Thanks to our sponsors for making this possible, and to Freexian for
handling the offering.
https://www.freexian.com/lts/debian/#sponsors
LTS
- python2.7
- First LTS upload
- Fixes in past triage
- Fix test suites for impacted Python packages
- DLA