Hi, here are some remarks about my work last month.

- python-tornado (DSA/ELTS)
  DSA-5938-1 and ELA-1473-1 have been released to fix CVE-2025-47287. The fix has not landed in Stretch yet due to issues with the testsuite. I'm not sure if there is a good solution for Stretch, though.

- python-flask-cors (PU)
  A PU request has been opened in #1108508 to fix CVE-2024-1681, CVE-2024-6839, CVE-2024-6844, and CVE-2024-6866 after CVE-2024-6839 was actually fixed in Sid (thanks to Carsten for the upload).

- u-boot (LTS/PU)
  I've continued working on the patches for CVE-2021-27138 and CVE-2021-27097. The patchsets are ready now and are currently being tested. A DLA can be expected after successful testing. Thanks to @jspricke and @kanashiro for their feedback. A PU is in the works as well.

- nagvis (LTS/PU)
  As requested by @roberto, I prepared a PU. It is currently being tested. It has been suggested to remove nagvis from the list of supported packages, though. I have therefore not looked further into backporting newer versions.

- fort-validator (PU)
  The PU request in #1098783 was finally approved and uploaded.

- pytorch (LTS)
  I started working on pytorch.

- mysql-connector-python (ELTS)
  I continued, but was only able to dedicate a small amount of time this month.

- commons-vfs (ELTS/PU)
  I applied @apo's patch to the Buster and the Bookworm version and released ELA-1479-1 to fix CVE-2025-27553. The PU request is documented in #1108548.

- misc
  I looked into multiple packages and added my findings to the security tracker and our *-needed.txt files accordingly.

Thanks to Freexian and Freexian's sponsors for making these projects possible: https://www.freexian.com/lts/debian/#sponsors

Regards,
Daniel