LTS: cpio: - Added note that upstream considers CVE-2023-7216 (sole unfixed CVE) normal behavior.
fontforge: - Released DLA-3754-1, fixing CVE-2020-5395, CVE-2020-5496, CVE-2024-25081 and CVE-2024-25082. - Fixed CVE-2024-25081 and CVE-2024-25082 in sid. - Fixed CVE-2024-25081 and CVE-2024-25082 as DSA-5641-1 in bullseye and bookworm. gtkwave: - Released DLA-3785-1, upgrading to a new upstream version fixing CVE-2023-32650 CVE-2023-34087 CVE-2023-34436 CVE-2023-35004 CVE-2023-35057 CVE-2023-35128 CVE-2023-35702 CVE-2023-35703 CVE-2023-35704 CVE-2023-35955 CVE-2023-35956 CVE-2023-35957 CVE-2023-35958 CVE-2023-35959 CVE-2023-35960 CVE-2023-35961 CVE-2023-35962 CVE-2023-35963 CVE-2023-35964 CVE-2023-35969 CVE-2023-35970 CVE-2023-35989 CVE-2023-35992 CVE-2023-35994 CVE-2023-35995 CVE-2023-35996 CVE-2023-35997 CVE-2023-36746 CVE-2023-36747 CVE-2023-36861 CVE-2023-36864 CVE-2023-36915 CVE-2023-36916 CVE-2023-37282 CVE-2023-37416 CVE-2023-37417 CVE-2023-37418 CVE-2023-37419 CVE-2023-37420 CVE-2023-37442 CVE-2023-37443 CVE-2023-37444 CVE-2023-37445 CVE-2023-37446 CVE-2023-37447 CVE-2023-37573 CVE-2023-37574 CVE-2023-37575 CVE-2023-37576 CVE-2023-37577 CVE-2023-37578 CVE-2023-37921 CVE-2023-37922 CVE-2023-37923 CVE-2023-38583 CVE-2023-38618 CVE-2023-38619 CVE-2023-38620 CVE-2023-38621 CVE-2023-38622 CVE-2023-38623 CVE-2023-38648 CVE-2023-38649 CVE-2023-38650 CVE-2023-38651 CVE-2023-38652 CVE-2023-38653 CVE-2023-38657 CVE-2023-39234 CVE-2023-39235 CVE-2023-39270 CVE-2023-39271 CVE-2023-39272 CVE-2023-39273 CVE-2023-39274 CVE-2023-39275 CVE-2023-39316 CVE-2023-39317 CVE-2023-39413 CVE-2023-39414 CVE-2023-39443 CVE-2023-39444 - Submitted a similar upgrade to unstable. - Submitted similar upgrades to bullseye-security and bookworm-security, where they were released as DSA-5653-1. - The DSA and DLA were released in April, but they are listed here since all work was done and submitted for review in March. gross: - Released DLA-3774-1, fixing CVE-2023-52159. - Submitted the CVE-2023-52159 fix for the next bullseye and bookworm point releases. iwd: - Determined that CVE-2024-28084 does not affect buster. libuv1: - Released DLA-3752-1, fixing CVE-2024-24806. node-xml2js: - Released DLA-3760-1, fixing CVE-2023-0842. postgresql-11: - Released DLA-3764-1, fixing CVE-2024-0985. python2.7: - Determined that CVE-2023-6597 does not affect python2.7. - Released DLA-3771-1, fixing CVE-2024-0450. python3.7: - Released DLA-3772-1, fixing CVE-2023-6597 and CVE-2024-0450. qemu: - Determined that qemu 1:5.2+dfsg-11+deb11u3 in bullseye had fixed CVE-2022-1050 (fix already applied in buster), not CVE-2023-1544. - Determined that CVE-2023-1544 does not affect buster. - Determined that CVE-2023-6683 does not affect <= bullseye. - Determined that CVE-2024-24474 does not affect <= bullseye. - Determined that CVE-2023-42467 does not affect <= bullseye. - Released DLA-3759-1, fixing CVE-2023-2861, CVE-2023-3354 and CVE-2023-5088. tar: - Released DLA-3755-1, fixing CVE-2023-39804. unadf: - Released DLA-3762-1, fixing CVE-2016-1243 and CVE-2016-1244. yard: - Released DLA-3753-1, fixing CVE-2019-1020001 and CVE-2024-27285. ELTS: clamav: - Determined that CVE-2024-20290 and CVE-2024-20328 (sole unfixed CVEs) do not affect jessie or stretch. imlib2: - Determined that CVE-2024-25447, CVE-2024-25448 and CVE-2024-25450 (sole unfixed CVEs) do not affect <= buster. libgit2: - Determined that CVE-2024-24575 does not affect jessie or stretch. - Released ELA-1053-1, fixing CVE-2024-24577 in stretch. libuv1: - Determined that CVE-2024-24806 does not affect stretch. postgresql-9.4: - Released ELA-1061-1, fixing CVE-2024-0985 in jessie. postgresql-9.6: - Released ELA-1060-1, fixing CVE-2024-0985 in stretch. putty: - Determined that CVE-2020-14002 does not affect jessie or stretch. - Determined that CVE-2023-48795 does not affect jessie or stretch. python2.7: - Released ELA-1065-1, fixing CVE-2024-0450 in jessie and stretch. python3.4: - Released ELA-1067-1, fixing CVE-2024-0450 in jessie. python3.5: - Released ELA-1066-1, fixing CVE-2024-0450 in stretch. qemu: - Determined that CVE-2024-26327 does not affect jessie or stretch. - Determined that CVE-2024-26328 does not affect jessie or stretch. - Released ELA-1063-1, fixing CVE-2020-14394, CVE-2023-0330, CVE-2023-2861, CVE-2023-3180, CVE-2023-3354 and CVE-2023-5088 in stretch.
