Hello, I've worked during May 2025 on the below listed packages, for Freexian LTS/ELTS [1].
Many thanks to Freexian and sponsors [2] for providing this opportunity!

LTS
===

- Published DLA-4159-1 for postgresql-13/bullseye to fix CVE-2025-4207.
  (https://lists.debian.org/debian-lts-announce/2025/05/msg00011.html)
- Triaged CVE-2025-48174/libavif and CVE-2025-48175/libavif
  - Backported and tested the fixes for bullseye.
  - Published DLA-4179-1 for libavif/bullseye to fix CVE-2025-4207.
    (https://lists.debian.org/debian-lts-announce/2025/05/msg00031.html)
- Triaged CVE-2025-4598/systemd
  - Started to backport and test the fix for bullseye.

ELTS
====

- Triaged CVE-2023-27534/curl, CVE-2023-28321/curl and CVE-2023-28322/curl.
  - Backported and tested the fixes for jessie.
  - One remaining regression to fix before releasing the ELA:
    - Fix for CVE-2023-27534 must allow sftp://host/~ as reported and fixed in
      https://github.com/curl/curl/commit/91b53efa4b6854dc3688f55bfb329b0cafcf5325

Tooling and Documentation
=========================

- Setup debusine for LTS and ELTS uploads
  - Tested with curl upload to jessie and libavif to bullseye
- Improved LTS documentation on ASAN and UBSAN.
  (https://salsa.debian.org/lts-team/lts-team.pages.debian.net/-/merge_requests/19)
- Attended (E)LTS meeting

Best regards,
Charles

[1] https://www.freexian.com/lts/
[2] https://www.freexian.com/lts/debian/#sponsors
