(E)LTS activity for May

2023-06-01 Thread Bastien Roucariès
Hi, This month's activity consisted of: - release UWSGI fixing CVE-2023-27522, initially reported against apache2 but that may affect old versions of uwsgi. I have reported this finding to the CVE database and the CVE was updated. - the main part of the work was on imagemagick package: *

Debian LTS report for May 2023

2023-06-01 Thread Guilhem Moulin
During the month of May 2023 and on behalf of Freexian, I worked on the following: * DLA-3424-1 for python-ipaddress=1.0.17-1+deb10u1 CVE-2020-14422 https://lists.debian.org/msgid-search/?m=zglark8btpj4t...@debian.org * DLA-3425-1 for sqlparse=0.2.4-1+deb10u1 CVE-2023-30608

[SECURITY] [DLA 3440-1] cups security update

2023-06-01 Thread Thorsten Alteholz
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Debian LTS Advisory DLA-3440-1 debian-...@lists.debian.org https://www.debian.org/lts/security/ Thorsten Alteholz June 01, 2023

Re: Bug#1036740: Fix for CVE-2022-23123 causes afpd segfault with valid metadata

2023-06-01 Thread Markus Koschany
Version: 3.1.12~ds-3+deb10u2 Thanks for your report and the detailed replies. I could reproduce the problem and identify a wrongly applied commit in libatalk/adouble/ad_open.c. After applying a new patch to fix it, the AppleDouble v2 format seems to work as intended again. I'm going to close

[SECURITY] [DLA 3426-2] netatalk regression update

2023-06-01 Thread Markus Koschany
Debian LTS Advisory DLA-3426-2 debian-...@lists.debian.org https://www.debian.org/lts/security/ Markus Koschany June 01, 2023 https://wiki.debian.org/LTS

Accepted netatalk 3.1.12~ds-3+deb10u2 (source) into oldstable

2023-06-01 Thread Debian FTP Masters
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Thu, 1 Jun 2023 18:36:29 CEST Source: netatalk Architecture: source Version: 3.1.12~ds-3+deb10u2 Distribution: buster-security Urgency: high Maintainer: Debian Netatalk team Changed-By: Markus Koschany Checksums-Sha1:

Make stable-security build logs public after embargo

2023-06-01 Thread Sylvain Beucler
Hello Wanna-build team, I'm part of the Debian LTS Team, and along with the Security Team, we're looking into making embargo'd build logs eventually public. See https://salsa.debian.org/lts-team/lts-extra-tasks/-/issues/51 Typical use case: when the LTS Team is working on the first LTS

Accepted cups 2.2.10-6+deb10u7 (source) into oldstable

2023-06-01 Thread Debian FTP Masters
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Wed, 31 May 2023 21:30:27 +0200 Source: cups Architecture: source Version: 2.2.10-6+deb10u7 Distribution: buster-security Urgency: high Maintainer: Debian Printing Team Changed-By: Thorsten Alteholz Changes: cups

Debian LTS and ELTS - May 2023

2023-06-01 Thread Sylvain Beucler
Here is my public monthly report. Thanks to our sponsors for making this possible, and to Freexian for handling the offering. https://www.freexian.com/lts/debian/#sponsors LTS - python2.7 - First LTS upload - Fixes in past triage - Fix test suites for impacted Python packages - DLA