(E)LTS report for May 2024

2024-06-10 Thread Adrian Bunk
LTS: glibc: - Released DLA-3807-1, fixing CVE-2024-2961. - Fixed and enabled the build tests and autopkgtest. gst-plugins-base1.0: - Released DLA-3824-1, fixing CVE-2024-4453. libkf5ksieve: - Released DLA-3809-1, fixing CVE-2023-52723. ELTS: glibc: - Released ELA-1087-11, fixing

[SECURITY] [DLA 3824-1] gst-plugins-base1.0 security update

2024-05-30 Thread Adrian Bunk
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 - - Debian LTS Advisory DLA-3824-1debian-...@lists.debian.org https://www.debian.org/lts/security/ Adrian Bunk May 30, 2024

(E)LTS report for April 2024

2024-05-10 Thread Adrian Bunk
LTS: glibc: - First part of work released as DLA-3807-1 in May. gtkwave: - DLA-3785-1 and DSA-5653-1 were released in April, but the actual work was done and submitted for review in March. pillow: - Determined that CVE-2021-25291 does not affect buster. - Released DLA-3786-1, fixing

[SECURITY] [DLA 3809-1] libkf5ksieve security update

2024-05-05 Thread Adrian Bunk
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 - - Debian LTS Advisory DLA-3809-1debian-...@lists.debian.org https://www.debian.org/lts/security/ Adrian Bunk May 05, 2024

[SECURITY] [DLA 3807-1] glibc security update

2024-05-03 Thread Adrian Bunk
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 - - Debian LTS Advisory DLA-3807-1debian-...@lists.debian.org https://www.debian.org/lts/security/ Adrian Bunk May 04, 2024

[SECURITY] [DLA 3800-1] ruby-rack security update

2024-04-29 Thread Adrian Bunk
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 - - Debian LTS Advisory DLA-3800-1debian-...@lists.debian.org https://www.debian.org/lts/security/ Adrian Bunk April 29, 2024

[SECURITY] [DLA 3799-1] trafficserver security update

2024-04-28 Thread Adrian Bunk
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 - - Debian LTS Advisory DLA-3799-1debian-...@lists.debian.org https://www.debian.org/lts/security/ Adrian Bunk April 28, 2024

[SECURITY] [DLA 3798-1] zabbix security update

2024-04-28 Thread Adrian Bunk
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 - - Debian LTS Advisory DLA-3798-1debian-...@lists.debian.org https://www.debian.org/lts/security/ Adrian Bunk April 28, 2024

[SECURITY] [DLA 3787-1] xorg-server security update

2024-04-15 Thread Adrian Bunk
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 - - Debian LTS Advisory DLA-3787-1debian-...@lists.debian.org https://www.debian.org/lts/security/ Adrian Bunk April 15, 2024

Re: bind9 LTS

2024-04-13 Thread Adrian Bunk
On Sun, Mar 31, 2024 at 10:12:34PM +0800, Sean Whitton wrote: >... > - looks like backporting the old branches is what's done in bullseye and > bookworm; do you know of some reason we're not doing this for buster too? bind9 in buster provides shared libraries, with soversion changes in every

Re: How to handle freeimage package

2024-04-11 Thread Adrian Bunk
On Thu, Apr 11, 2024 at 09:34:00PM +0200, Ola Lundqvist wrote: >... > On Thu, 11 Apr 2024 at 15:34, Santiago Ruano Rincón > wrote: > ... > > Taking one of the recent changes to data/CVE/list: > > > > @@ -6999,6 +7000,7 @@ CVE-2024-28579 (Buffer Overflow vulnerability in open > > source FreeImage

Re: How to handle freeimage package

2024-04-11 Thread Adrian Bunk
On Thu, Apr 11, 2024 at 10:34:13AM -0300, Santiago Ruano Rincón wrote: >... > El 11/04/24 a las 08:25, Ola Lundqvist escribió: >... > > The ones I have now postponed are of the "local DoS" class. I'm here > > interpreting that "local DoS" is the same as DoS after human > > interaction. It is not

Re: How to handle freeimage package

2024-04-10 Thread Adrian Bunk
On Wed, Apr 10, 2024 at 10:08:51PM +0200, Ola Lundqvist wrote: > Hi all Hi Ola, > Sorry for late reply. It took me too long today to answer the CVE > triaging discussion. Now to this issue. > > Regarding the fedora patches. The patches seem to help for those > specific issues they solve. > >

[SECURITY] [DLA 3786-1] pillow security update

2024-04-10 Thread Adrian Bunk
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 - - Debian LTS Advisory DLA-3786-1debian-...@lists.debian.org https://www.debian.org/lts/security/ Adrian Bunk April 10, 2024

Re: How to handle freeimage package

2024-04-10 Thread Adrian Bunk
On Wed, Apr 10, 2024 at 12:17:33PM -0400, Roberto C. Sánchez wrote: > On Mon, Apr 08, 2024 at 07:56:40PM +0300, Adrian Bunk wrote: > > On Mon, Apr 08, 2024 at 05:34:47PM +0200, Moritz Muehlenhoff wrote: > > > > > > So a useful next step would be to break those reports d

(E)LTS report for March 2024

2024-04-09 Thread Adrian Bunk
LTS: cpio: - Added note that upstream considers CVE-2023-7216 (sole unfixed CVE) normal behavior. fontforge: - Released DLA-3754-1, fixing CVE-2020-5395, CVE-2020-5496, CVE-2024-25081 and CVE-2024-25082. - Fixed CVE-2024-25081 and CVE-2024-25082 in sid. - Fixed CVE-2024-25081 and

[SECURITY] [DLA 3785-1] gtkwave security update

2024-04-09 Thread Adrian Bunk
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 - - Debian LTS Advisory DLA-3785-1debian-...@lists.debian.org https://www.debian.org/lts/security/ Adrian Bunk April 09, 2024

Re: How to handle freeimage package

2024-04-08 Thread Adrian Bunk
On Mon, Apr 08, 2024 at 05:34:47PM +0200, Moritz Muehlenhoff wrote: > On Mon, Apr 08, 2024 at 01:59:55PM +0200, Sylvain Beucler wrote: > > Hi, > > > > I think this requires a bit of coordination: > > - the package is basically dead upstream, there hasn't been a fix in the > > official repos,

Re: How to handle freeimage package

2024-04-08 Thread Adrian Bunk
On Mon, Apr 08, 2024 at 12:06:25AM +0200, Ola Lundqvist wrote: > Hi again > > Today I looked at the freeimage package that we have in dla-needed. > My conclusion is that we have 19 CVEs postponed with motivation "revisit > when fixed upstream" and 23 CVEs that are in bullseye declared as no-dsa >

Re: gtkwave update for {bookworm,bullseye,buster}-security

2024-04-04 Thread Adrian Bunk
On Thu, Apr 04, 2024 at 11:21:21AM +0200, Emilio Pozuelo Monfort wrote: > On 29/03/2024 00:06, Adrian Bunk wrote: >... > > As already mentioned in #1060407, the ghwdump tool (and manpage) was > > dropped in 3.3.110 from the upstream sources, and is now in ghdl-tools. > >

Re: gtkwave update for {bookworm,bullseye,buster}-security

2024-04-02 Thread Adrian Bunk
On Sun, Mar 31, 2024 at 01:52:40PM +0200, Moritz Mühlenhoff wrote: > Hi Adrian, Hi Moritz, >... > > debdiffs contain only changes to debian/ > > The bookworm/bullseye debdiffs looks good, please upload to security-master, > thanks! both are now uploaded. > Note that both need -sa, but dak

Re: Guidance for CVE triage and listing packages in dla-needed.txt

2024-03-25 Thread Adrian Bunk
On Mon, Mar 18, 2024 at 09:40:45PM +0100, Moritz Muehlenhoff wrote: > Emilio Pozuelo Monfort wrote: > > Small nitpick: a CVE 'ignored' for (old)stable can still be fixed via point > > release. The sec-team could be contacted to update that triaging, but that's > > only ignored for

Re: Expanding the scope (slightly) of dla-needed.txt

2024-03-25 Thread Adrian Bunk
On Thu, Mar 14, 2024 at 04:47:57PM -0400, Roberto C. Sánchez wrote: > Hello everyone, > > I have discussed with Santiago the idea of whether we need to somewhat > expand the scope of dla-needed.txt. > > In essence, we need to continue tracking packages as in-work in some > cases even after a DLA

[SECURITY] [DLA 3774-1] gross security update

2024-03-25 Thread Adrian Bunk
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 - - Debian LTS Advisory DLA-3774-1debian-...@lists.debian.org https://www.debian.org/lts/security/ Adrian Bunk March 25, 2024

[SECURITY] [DLA 3772-1] python3.7 security update

2024-03-24 Thread Adrian Bunk
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 - - Debian LTS Advisory DLA-3772-1debian-...@lists.debian.org https://www.debian.org/lts/security/ Adrian Bunk March 24, 2024

[SECURITY] [DLA 3771-1] python2.7 security update

2024-03-24 Thread Adrian Bunk
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 - - Debian LTS Advisory DLA-3771-1debian-...@lists.debian.org https://www.debian.org/lts/security/ Adrian Bunk March 24, 2024

[SECURITY] [DLA 3764-1] postgresql-11 security update

2024-03-18 Thread Adrian Bunk
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 - - Debian LTS Advisory DLA-3764-1debian-...@lists.debian.org https://www.debian.org/lts/security/ Adrian Bunk March 18, 2024

[SECURITY] [DLA 3762-1] unadf security update

2024-03-15 Thread Adrian Bunk
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 - - Debian LTS Advisory DLA-3762-1debian-...@lists.debian.org https://www.debian.org/lts/security/ Adrian Bunk March 15, 2024

[SECURITY] [DLA 3760-1] node-xml2js security update

2024-03-14 Thread Adrian Bunk
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 - - Debian LTS Advisory DLA-3760-1debian-...@lists.debian.org https://www.debian.org/lts/security/ Adrian Bunk March 14, 2024

[SECURITY] [DLA 3759-1] qemu security update

2024-03-11 Thread Adrian Bunk
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 - - Debian LTS Advisory DLA-3759-1debian-...@lists.debian.org https://www.debian.org/lts/security/ Adrian Bunk March 11, 2024

[SECURITY] [DLA 3755-1] tar security update

2024-03-09 Thread Adrian Bunk
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 - - Debian LTS Advisory DLA-3755-1debian-...@lists.debian.org https://www.debian.org/lts/security/ Adrian Bunk March 09, 2024

[SECURITY] [DLA 3754-1] fontforge security update

2024-03-07 Thread Adrian Bunk
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 - - Debian LTS Advisory DLA-3754-1debian-...@lists.debian.org https://www.debian.org/lts/security/ Adrian Bunk March 08, 2024

[SECURITY] [DLA 3753-1] yard security update

2024-03-06 Thread Adrian Bunk
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 - - Debian LTS Advisory DLA-3753-1debian-...@lists.debian.org https://www.debian.org/lts/security/ Adrian Bunk March 06, 2024

[SECURITY] [DLA 3752-1] libuv1 security update

2024-03-05 Thread Adrian Bunk
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 - - Debian LTS Advisory DLA-3752-1debian-...@lists.debian.org https://www.debian.org/lts/security/ Adrian Bunk March 05, 2024

(E)LTS report for February 2024

2024-03-03 Thread Adrian Bunk
LTS: gsoap: - Released DLA-3745-1, fixing CVE-2020-13574, CVE-2020-13575, CVE-2020-13576, CVE-2020-13577 and CVE-2020-13578. wireshark: - Determined that CVE-2023-2906/wireshark does not affect <= buster. - Determined that CVE-2023-5371 does not affect <= bullseye. - Determined that

[SECURITY] [DLA 3746-1] wireshark security update

2024-02-29 Thread Adrian Bunk
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 - - Debian LTS Advisory DLA-3746-1debian-...@lists.debian.org https://www.debian.org/lts/security/ Adrian Bunk February 29, 2024

[SECURITY] [DLA 3745-1] gsoap security update

2024-02-29 Thread Adrian Bunk
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 - - Debian LTS Advisory DLA-3745-1debian-...@lists.debian.org https://www.debian.org/lts/security/ Adrian Bunk February 29, 2024

(E)LTS report for December 2023

2024-01-15 Thread Adrian Bunk
LTS: curl: - Determined that CVE-2022-32207 does not affect <= buster. - Found and documented a regression in CVE-2023-27534. - CVE-2022-32207 does not affect <= buster - Released DLA 3692-1, fixing CVE-2023-28322 and CVE-2023-46218, also including 2 non-security fixes from contributors.

[SECURITY] [DLA 3692-1] curl security update

2023-12-22 Thread Adrian Bunk
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 - - Debian LTS Advisory DLA-3692-1debian-...@lists.debian.org https://www.debian.org/lts/security/ Adrian Bunk December 19, 2023

Re: curl: CVE-2023-28322 and CVE-2023-27534

2023-12-18 Thread Adrian Bunk
On Sat, Dec 16, 2023 at 10:39:08PM -0300, Samuel Henrique wrote: >... > On Thu, 30 Nov 2023 at 06:36, Markus Koschany wrote: > > I have recently triaged CVE-2023-28322 and CVE-2023-27534 for curl as > > ignored > > for Buster because I believe those are minor issues. Since you expressed > >

(E)LTS report for November 2023

2023-12-10 Thread Adrian Bunk
LTS: trafficserver: - Released DLA-3645-1, fixing CVE-2023-41752 and CVE-2023-44487. galera-3: - Determined that CVE-2023-5157 in galera-4 does not affect galera-3. gimp: - Released DLA-3659-1, fixing CVE-2022-30067, CVE-2023-2 and CVE-2023-4. - Determined that CVE-2023-3 does

[SECURITY] [DLA 3679-1] vlc security update

2023-11-30 Thread Adrian Bunk
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 - - Debian LTS Advisory DLA-3679-1debian-...@lists.debian.org https://www.debian.org/lts/security/ Adrian Bunk November 30, 2023

[SECURITY] [DLA 3677-1] gimp-dds security update

2023-11-30 Thread Adrian Bunk
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 - - Debian LTS Advisory DLA-3677-1debian-...@lists.debian.org https://www.debian.org/lts/security/ Adrian Bunk November 30, 2023

[SECURITY] [DLA 3659-1] gimp security update

2023-11-21 Thread Adrian Bunk
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 - - Debian LTS Advisory DLA-3659-1debian-...@lists.debian.org https://www.debian.org/lts/security/ Adrian Bunk November 21, 2023

[SECURITY] [DLA 3645-1] trafficserver security update

2023-11-05 Thread Adrian Bunk
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 - - Debian LTS Advisory DLA-3645-1debian-...@lists.debian.org https://www.debian.org/lts/security/ Adrian Bunk November 05, 2023

(E)LTS report for October 2023

2023-11-04 Thread Adrian Bunk
LTS: poppler: - Confirmed that CVE-2020-18839 is a duplicate of CVE-2020-27778 - Released DLA-3620-1, fixing CVE-2020-23804 CVE-2022-37050 CVE-2022-37051 - PoCs for all 3 CVEs were confirmed to be present in the unfixed version and fixed in the fixed version krb: - Released DLA-3626-1, fixing

[SECURITY] [DLA 3626-1] krb5 security update

2023-10-22 Thread Adrian Bunk
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 - - Debian LTS Advisory DLA-3626-1debian-...@lists.debian.org https://www.debian.org/lts/security/ Adrian Bunk October 22, 2023

[SECURITY] [DLA 3620-1] poppler security update

2023-10-16 Thread Adrian Bunk
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 - - Debian LTS Advisory DLA-3620-1debian-...@lists.debian.org https://www.debian.org/lts/security/ Adrian Bunk October 16, 2023

(E)LTS report for September 2023

2023-10-04 Thread Adrian Bunk
DLAs released: DLA-3593-1 gerbv CVE-2021-40393 CVE-2021-40394 CVE-2023-4508 DLA-3595-1 trafficserver CVE-2022-47185 CVE-2023-33934 ELAs released: ELA-942-2 qpdf (stretch) regression update ELA-972-1 exempi (stretch) CVE-2020-18651 CVE-2020-18652 ELA-974-1 ghostscript (jessie+stretch)

binNMUs needed for new pandoc in *stable

2023-10-01 Thread Adrian Bunk
On Tue, Jul 25, 2023 at 11:39:38PM +0200, Guilhem Moulin wrote: >... > The Security Team decided not to issue a DSA for that CVE, but it's now fixed > in > buster-security (2.2.1-3+deb10u1) as well as sid (2.17.1.1-2), so it makes > sense > to fix it via (o)s-pu too. >... In all 3 distributions

[SECURITY] [DLA 3595-1] trafficserver security update

2023-09-30 Thread Adrian Bunk
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 - - Debian LTS Advisory DLA-3595-1debian-...@lists.debian.org https://www.debian.org/lts/security/ Adrian Bunk September 30, 2023

[SECURITY] [DLA 3593-1] gerbv security update

2023-09-30 Thread Adrian Bunk
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 - - Debian LTS Advisory DLA-3593-1debian-...@lists.debian.org https://www.debian.org/lts/security/ Adrian Bunk September 30, 2023

Re: suricata

2023-09-28 Thread Adrian Bunk
On Mon, Sep 25, 2023 at 09:26:10PM +0200, Tobias Frost wrote: > Hi Adrian, Hi Tobi, >... > This sounds it's almost ready, so I think the best thing is if you > complete the work, so if this is ok with you, please take over and > complete the package! thanks, I've taken it back and will make a

Re: suricata

2023-09-25 Thread Adrian Bunk
On Sun, Sep 24, 2023 at 11:34:55AM +0200, Tobias Frost wrote: > Hi Adrian, Hi Tobias, > I've just claimed "suricata" for LTS, and the log says that you've > already worked on the package. Unfortunately I could not find any > repository for your LTS changes, if there are some already, can you >

Re: (E)LTS report for August 2023

2023-09-10 Thread Adrian Bunk
On Sun, Sep 10, 2023 at 09:22:03PM +0300, Adrian Bunk wrote: > DLAs released: >... > DLA-3552-1 gst-plugins-ugly1.0 > 2 vulnerabilities without CVE numbers assigned > > > ELAs released: >... > ELA-941-1 gst-plugins-ugly1.0 (stretch) > 2 vulnerabilitie

(E)LTS report for August 2023

2023-09-10 Thread Adrian Bunk
DLAs released: DLA-3517-1 pdfcrack CVE-2020-22336 DLA-3519-1 ghostscript CVE-2023-38559 DLA-3528-1 poppler CVE-2020-36023 CVE-2020-36024 DLA-3552-1 gst-plugins-ugly1.0 2 vulnerabilities without CVE numbers assigned ELAs released: ELA-928-1 poppler (jessie+stretch) CVE-2020-36023

[SECURITY] [DLA 3552-1] gst-plugins-ugly1.0 security update

2023-08-31 Thread Adrian Bunk
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 - - Debian LTS Advisory DLA-3552-1debian-...@lists.debian.org https://www.debian.org/lts/security/ Adrian Bunk August 31, 2023

[SECURITY] [DLA 3528-1] poppler security update

2023-08-14 Thread Adrian Bunk
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 - - Debian LTS Advisory DLA-3528-1debian-...@lists.debian.org https://www.debian.org/lts/security/ Adrian Bunk August 14, 2023

[SECURITY] [DLA 3519-1] ghostscript security update

2023-08-07 Thread Adrian Bunk
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 - - Debian LTS Advisory DLA-3519-1debian-...@lists.debian.org https://www.debian.org/lts/security/ Adrian Bunk August 07, 2023

[SECURITY] [DLA 3517-1] pdfcrack security update

2023-08-06 Thread Adrian Bunk
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 - - Debian LTS Advisory DLA-3517-1debian-...@lists.debian.org https://www.debian.org/lts/security/ Adrian Bunk August 06, 2023

(E)LTS report for July 2023

2023-08-03 Thread Adrian Bunk
DLAs released: DLA-3497-1 pypdf2 CVE-2023-36810 DLA-3513-1 tiff CVE-2023-2908 CVE-2023-3316 CVE-2023-3618 CVE-2023-25433 CVE-2023-26965 CVE-2023-26966 CVE-2023-38288 CVE-2023-38289 ELAs released: ELA-893-1 pypdf2 (stretch) CVE-2023-36810 ELA-909-1 tiff (jessie+stretch) CVE-2023-2908

[SECURITY] [DLA 3513-1] tiff security update

2023-07-31 Thread Adrian Bunk
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 - - Debian LTS Advisory DLA-3513-1debian-...@lists.debian.org https://www.debian.org/lts/security/ Adrian Bunk July 31, 2023

[SECURITY] [DLA 3497-1] pypdf2 security update

2023-07-14 Thread Adrian Bunk
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 - - Debian LTS Advisory DLA-3497-1debian-...@lists.debian.org https://www.debian.org/lts/security/ Adrian Bunk July 14, 2023

Re: WebKit 2.40 update for buster

2023-07-06 Thread Adrian Bunk
On Thu, Jul 06, 2023 at 01:19:51PM +, Alberto Garcia wrote: >... > Bear in mind that supporting older distros means refraining from using > newer versions of the libraries and build dependencies that Webkit > uses. This is already complicated, but there's a bigger problem than > that: it also

(E)LTS report for June 2023

2023-07-03 Thread Adrian Bunk
DLAs released: DLA-3443-1 wireshark CVE-2023-2856 CVE-2023-2858 CVE-2023-2879 CVE-2023-2952 DLA 3445-1 cpio CVE-2019-14866 CVE-2021-38185 DLA-3470-1 owslib CVE-2023-27476 DLA-3472-1 libx11 CVE-2023-3138 DLA-3474-1 systemd CVE-2022-3821 DLA-3475-1 trafficserver CVE-2022-47184 CVE-2023-30631

[SECURITY] [DLA 3477-1] python3.7 security update

2023-06-30 Thread Adrian Bunk
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 - - Debian LTS Advisory DLA-3477-1debian-...@lists.debian.org https://www.debian.org/lts/security/ Adrian Bunk June 30, 2023

[SECURITY] [DLA 3475-1] trafficserver security update

2023-06-29 Thread Adrian Bunk
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 - - Debian LTS Advisory DLA-3475-1debian-...@lists.debian.org https://www.debian.org/lts/security/ Adrian Bunk June 30, 2023

[SECURITY] [DLA 3474-1] systemd security update

2023-06-29 Thread Adrian Bunk
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 - - Debian LTS Advisory DLA-3474-1debian-...@lists.debian.org https://www.debian.org/lts/security/ Adrian Bunk June 29, 2023

[SECURITY] [DLA 3472-1] libx11 security update

2023-06-26 Thread Adrian Bunk
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 - - Debian LTS Advisory DLA-3472-1debian-...@lists.debian.org https://www.debian.org/lts/security/ Adrian Bunk June 26, 2023

[SECURITY] [DLA 3470-1] owslib security update

2023-06-25 Thread Adrian Bunk
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 - - Debian LTS Advisory DLA-3470-1debian-...@lists.debian.org https://www.debian.org/lts/security/ Adrian Bunk June 25, 2023

[SECURITY] [DLA 3445-1] cpio security update

2023-06-04 Thread Adrian Bunk
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 - - Debian LTS Advisory DLA-3445-1debian-...@lists.debian.org https://www.debian.org/lts/security/ Adrian Bunk June 04, 2023

[SECURITY] [DLA 3443-1] wireshark security update

2023-06-03 Thread Adrian Bunk
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 - - Debian LTS Advisory DLA-3443-1debian-...@lists.debian.org https://www.debian.org/lts/security/ Adrian Bunk June 03, 2023

(E)LTS report for April 2023

2023-05-03 Thread Adrian Bunk
DLAs released: DLA-3402-1 wireshark CVE-2023-1161 CVE-2023-1992 CVE-2023-1993 CVE-2023-1994 DLA-3407-1 jackson-databind CVE-2020-10650 DLA-3408-1 jruby CVE-2017-17742 CVE-2019-16201 CVE-2019-16254 CVE-2019-16255 CVE-2020-25613 CVE-2021-31810 CVE-2021-32066 CVE-2023-28755 CVE-2023-28756

[SECURITY] [DLA 3409-1] libapache2-mod-auth-openidc security update

2023-04-30 Thread Adrian Bunk
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 - - Debian LTS Advisory DLA-3409-1debian-...@lists.debian.org https://www.debian.org/lts/security/ Adrian Bunk April 30, 2023

[SECURITY] [DLA 3408-1] jruby security update

2023-04-30 Thread Adrian Bunk
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 - - Debian LTS Advisory DLA-3408-1debian-...@lists.debian.org https://www.debian.org/lts/security/ Adrian Bunk April 30, 2023

[SECURITY] [DLA 3407-1] jackson-databind security update

2023-04-30 Thread Adrian Bunk
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 - - Debian LTS Advisory DLA-3407-1debian-...@lists.debian.org https://www.debian.org/lts/security/ Adrian Bunk April 30, 2023

[SECURITY] [DLA 3402-1] wireshark security update

2023-04-29 Thread Adrian Bunk
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 - - Debian LTS Advisory DLA-3402-1debian-...@lists.debian.org https://www.debian.org/lts/security/ Adrian Bunk April 29, 2023

LTS report for March 2023

2023-04-01 Thread Adrian Bunk
DLA released: DLA-3377-1 systemd CVE-2023-26604 cu Adrian

[SECURITY] [DLA 3377-1] systemd security update

2023-03-31 Thread Adrian Bunk
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 - - Debian LTS Advisory DLA-3377-1debian-...@lists.debian.org https://www.debian.org/lts/security/ Adrian Bunk March 31, 2023

(E)LTS report for February 2023

2023-03-03 Thread Adrian Bunk
DLAs released: DLA-3332-1 apr-util CVE-2022-25147 DLA-3334-1 sofia-sip CVE-2022-47516 DLA-3339-1 binwalk CVE-2022-4510 DLA-3341-1 curl CVE-2023-23916 DLA-3343-1 mono CVE-2023-26314 A DLA for emacs was prepared, but is waiting for confirmation that a regression that was discovered in

[SECURITY] [DLA 3343-1] mono security update

2023-02-25 Thread Adrian Bunk
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 - - Debian LTS Advisory DLA-3343-1debian-...@lists.debian.org https://www.debian.org/lts/security/ Adrian Bunk February 24, 2023

[SECURITY] [DLA 3341-1] curl security update

2023-02-24 Thread Adrian Bunk
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 - - Debian LTS Advisory DLA-3341-1debian-...@lists.debian.org https://www.debian.org/lts/security/ Adrian Bunk February 24, 2023

[SECURITY] [DLA 3339-1] binwalk security update

2023-02-23 Thread Adrian Bunk
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 - - Debian LTS Advisory DLA-3339-1debian-...@lists.debian.org https://www.debian.org/lts/security/ Adrian Bunk February 23, 2023

[SECURITY] [DLA 3334-1] sofia-sip security update

2023-02-22 Thread Adrian Bunk
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 - - Debian LTS Advisory DLA-3334-1debian-...@lists.debian.org https://www.debian.org/lts/security/ Adrian Bunk February 22, 2023

[SECURITY] [DLA 3332-1] apr-util security update

2023-02-21 Thread Adrian Bunk
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 - - Debian LTS Advisory DLA-3332-1debian-...@lists.debian.org https://www.debian.org/lts/security/ Adrian Bunk February 21, 2023

LTS report for January 2023

2023-02-03 Thread Adrian Bunk
DLAs released: DLA-3292-1 sofia-sip CVE-2023-22741 DLA-3304-1 fig2dev CVE-2020-21529 CVE-2020-21531 CVE-2020-21532 CVE-2020-21676 CVE-2021-32280 DLA-3305-1 libstb CVE-2018-16981 CVE-2019-13217 CVE-2019-13218 CVE-2019-13219 CVE-2019-13220 CVE-2019-13221 CVE-2019-13222 CVE-2019-13223

[SECURITY] [DLA 3305-1] libstb security update

2023-01-31 Thread Adrian Bunk
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 - - Debian LTS Advisory DLA-3305-1debian-...@lists.debian.org https://www.debian.org/lts/security/Adrian Bunk January 31, 2023

[SECURITY] [DLA 3304-1] fig2dev security update

2023-01-31 Thread Adrian Bunk
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 - - Debian LTS Advisory DLA-3304-1debian-...@lists.debian.org https://www.debian.org/lts/security/Adrian Bunk January 31, 2023

[SECURITY] [DLA 3292-1] sofia-sip security update

2023-01-29 Thread Adrian Bunk
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 - - Debian LTS Advisory DLA-3292-1debian-...@lists.debian.org https://www.debian.org/lts/security/ Adrian Bunk January 29, 2023

LTS report for December 2021

2021-12-31 Thread Adrian Bunk
Hours worked: 70.75 hours DLAs released: DLA-2849-1 wireshark CVE-2021-22207 CVE-2021-22235 CVE-2021-39921 CVE-2021-39922 CVE-2021-39923 CVE-2021-39924 CVE-2021-39925 CVE-2021-39928 CVE-2021-39929 DLA-2850-1 libpcap CVE-2019-15165 DLA-2851-1 libextractor CVE-2019-15531 DLA-2855-1 monit

[SECURITY] [DLA 2873-1] aria2 security update

2021-12-30 Thread Adrian Bunk
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 - - Debian LTS Advisory DLA-2873-1debian-...@lists.debian.org https://www.debian.org/lts/security/ Adrian Bunk December 31, 2021

[SECURITY] [DLA 2872-1] agg security update

2021-12-30 Thread Adrian Bunk
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 - - Debian LTS Advisory DLA-2872-1debian-...@lists.debian.org https://www.debian.org/lts/security/ Adrian Bunk December 31, 2021

Re: postgis 2.3.1+dfsg-2+deb9u1 update broken

2021-12-29 Thread Adrian Bunk
On Wed, Dec 29, 2021 at 07:46:39PM +0200, Adrian Bunk wrote: > On Wed, Dec 29, 2021 at 05:04:29PM +0100, Peter De Wachter wrote: > > In postgis LTS update 2.3.1+dfsg-2+deb9u1, the package > > postgresql-9.6-postgis-2.3-scripts is empty (containing only > > /usr/share/do

[SECURITY] [DLA 2868-1] advancecomp security update

2021-12-29 Thread Adrian Bunk
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 - - Debian LTS Advisory DLA-2868-1debian-...@lists.debian.org https://www.debian.org/lts/security/ Adrian Bunk December 29, 2021

[SECURITY] [DLA 2857-2] postgis regression update

2021-12-29 Thread Adrian Bunk
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 - - Debian LTS Advisory DLA-2857-2debian-...@lists.debian.org https://www.debian.org/lts/security/ Adrian Bunk December 29, 2021

Re: postgis 2.3.1+dfsg-2+deb9u1 update broken

2021-12-29 Thread Adrian Bunk
On Wed, Dec 29, 2021 at 05:04:29PM +0100, Peter De Wachter wrote: > In postgis LTS update 2.3.1+dfsg-2+deb9u1, the package > postgresql-9.6-postgis-2.3-scripts is empty (containing only > /usr/share/doc files). The scripts are missing. Without the scripts, I > believe it's not possible to create

[SECURITY] [DLA 2866-1] uw-imap security update

2021-12-29 Thread Adrian Bunk
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 - - Debian LTS Advisory DLA-2866-1debian-...@lists.debian.org https://www.debian.org/lts/security/ Adrian Bunk December 29, 2021

[SECURITY] [DLA 2865-1] resiprocate security update

2021-12-29 Thread Adrian Bunk
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 - - Debian LTS Advisory DLA-2865-1debian-...@lists.debian.org https://www.debian.org/lts/security/ Adrian Bunk December 29, 2021

[SECURITY] [DLA 2861-1] rdflib security update

2021-12-28 Thread Adrian Bunk
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 - - Debian LTS Advisory DLA-2861-1debian-...@lists.debian.org https://www.debian.org/lts/security/ Adrian Bunk December 28, 2021

[SECURITY] [DLA 2857-1] postgis security update

2021-12-27 Thread Adrian Bunk
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 - - Debian LTS Advisory DLA-2857-1debian-...@lists.debian.org https://www.debian.org/lts/security/ Adrian Bunk December 28, 2021
