Debian LTS report for July 2023

2023-08-01 Jochen Sprickerhof
In July 2023 I've worked on the below listed packages for Freexian 
LTS/ELTS [1].


Many thanks to Freexian and our sponsors [2] for providing this opportunity!

LTS:

- amd64-microcode
  - Release DLA-3511-1 with a new upstream version.

ELTS:

- python-reportlab
  - triaged CVE-2023-33733 (no update needed).

- samba:
  - backported patches for https://bugzilla.samba.org/show_bug.cgi?id=15418
    and waiting for a decision if we want to continue the support.


I have also participated in the (E)LTS meeting and improved the internal 
documentation and tooling of the team.


[1]  https://www.freexian.com/lts/
[2]  https://www.freexian.com/lts/debian/#sponsors

Cheers Jochen




Debian LTS report for July 2023

2023-08-01 Guilhem Moulin
During the month of July 2023 and on behalf of Freexian, I worked on the
following:

  * DLA-3488-1 for node-tough-cookie=2.3.4+dfsg-1+deb10u1
    [CVE-2023-26136]
    https://lists.debian.org/msgid-search/?m=zkxrmnkoiqoif...@debian.org

  * DLA-3493-1 for symfony=3.4.22+dfsg-2+deb10u2
    [CVE-2021-21424, CVE-2022-24894 and CVE-2022-24895]
    https://lists.debian.org/msgid-search/?m=zk3jf8mjqvymd...@debian.org

  * DLA-3496-1 for lemonldap-ng=2.0.2+ds-7+deb10u9
    [CVE-2023-28862 and fix incorrect backport for CVE-2021-20874]
    https://lists.debian.org/msgid-search/?m=zlemv3qczpjl9...@debian.org

  * DLA-3499-1 for libapache2-mod-auth-openidc=2.3.10.2-1+deb10u3
    [CVE-2021-39191 and CVE-2022-23527]
    https://lists.debian.org/msgid-search/?m=zlcxcsyvnie6p...@debian.org

  * DLA-3507-1 for pandoc=2.2.1-3+deb10u1
    [CVE-2023-35936 and CVE-2023-38745, plus responsible disclosure for
    the latter]
    https://lists.debian.org/msgid-search/?m=zmaecno5w6pxb%2...@debian.org

Thanks to the sponsors for financing the above, and to Freexian for
coordinating!
-- 
Guilhem.

