Hello everyone, Here’s my monthly report for the work I’ve done for Debian LTS and ELTS in March 2025.
Thanks to Freexian and sponsors for making this possible: https://www.freexian.com/lts/debian/#sponsors LTS === nginx I have uploaded an update for nginx fixing CVE-2025-23419 and CVE-2024-7347 that I have previously prepared last month. Since Jan, the Debian maintainer, uploaded a stable update fixing CVE-2025-23419, in order to avoid regressions for users upgrading from bullseye I needed to prepare an upload fixing the other bug. This has been approved, and I uploaded another nginx package version into proposed-updates. mbedtls I started work on an update to mbedtls. There are a bunch of CVEs that the most recent 2.16 version fixes, but it also brings a few updates that have previously been questioned by the release team (https://bugs.debian.org/1006169#20). Instead, I took a route of cherry-picking the relevant fixes only. This is still a work in progress at the moment. ELTS ==== I haven’t done anything for ELTS this month. -- Cheers, Andrej
