I've worked during June 2023 on the below listed packages, for Freexian
LTS/ELTS [1]
Many thanks to Freexian and our sponsors [2] for providing this opportunity!
LTS:
nvidia-cuda-tools:
Triaging with the result that an update probably
does not make sense as fixes for CVEs are not available for the version
in buster, and a newer version has the danger that it does not support all
cards that were originally. The libraries might also break ABI.
See also Andreas' reply in the thread starting at
https://lists.debian.org/debian-lts/2023/06/msg00032.html
LTS and ELTS:
php-cas:
Ongoing work to prepare updated packages for CVE-2017-171,
an authentication bypass vulnerability (please see the CVE for details.)
Unfortunately the change required is API breaking, so reverse dependencies
need to be fixed as well. In buster, those are:
- fusiondirectory (patch for the CVE-2017-171 ready)
- ocsinventory-server (TODO)
As users might be using software using php-cas not in Debian, to give them
an opportunity to fix the packages on their side, preliminary packages are
available. See this thread and replies for more information and where those
are: https://lists.debian.org/debian-lts/2023/06/msg00058.html
fusiondirectory needs also some fixes of its own; I'm coordinating the upload
with Abhijith PA, as they have been working on the package for those.
The plan is to upload php-cas, fusiondirectory and ocsinventory-server at the
same time, once ocsinventory-server is ready.
For stretch, php-cas has only unsupported reverse dependencies in Debian,
still this needs coordination with users of the package to get their
software updated. After this coordination is done, I'll plan to upload php-cas
for stretch.
ELTS:
yajl:
ELA-888-1 (stretch/jessie), CVE-2023-33460, a memory leak that can lead to
DoS.
[1] https://www.freexian.com/lts/
[2] https://www.freexian.com/lts/debian/#sponsors
Cheers,
--
tobi