LTS: trafficserver: - Released DLA-3645-1, fixing CVE-2023-41752 and CVE-2023-44487.
galera-3: - Determined that CVE-2023-5157 in galera-4 does not affect galera-3. gimp: - Released DLA-3659-1, fixing CVE-2022-30067, CVE-2023-44442 and CVE-2023-44444. - Determined that CVE-2023-44443 does not affect <= buster. - The plugin with CVE-2023-44441 is in gimp-dds in <= buster, released DLA-3677-1 for gimp-dds with this fix. - Notified the security team to get rid of the stale gimp-dds package in bullseye+bookworm that is an older version of a plugin moved into gimp in >= bullseye. - Submitted gimp packages for bullseye-pu and bookworm-pu that add Breaks to remove the old and vulnerable gimp-dds version of the plugin. vlc: - Released DLA-3679-1, updating to the latest upstream version, which also fixes CVE-2023-47359 and CVE-2023-47360. ELTS: vim: - Released ELA-1002-1, fixing CVE-2023-4752, CVE-2023-4781 and CVE-2023-5344 in jessie and stretch. gimp: - Released ELA-1005-1, fixing CVE-2022-30067, CVE-2023-44442 and CVE-2023-44444 in stretch. vlc: - Released ELA-1016-1, updating to the latest upstream version in stretch, which also fixes CVE-2023-47359 and CVE-2023-47360.
