Accepted libspreadsheet-parseexcel-perl 0.6500-1+deb10u1 (source) into oldoldstable

-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Sun, 31 Dec 2023 00:53:09 +0100 Source: libspreadsheet-parseexcel-perl Architecture: source Version: 0.6500-1+deb10u1 Distribution: buster-security Urgency: high Maintainer: Debian Perl Group Changed-By: Guilhem Moulin Closes:

[SECURITY] [DLA 3702-1] libspreadsheet-parseexcel-perl security update

- Debian LTS Advisory DLA-3702-1debian-...@lists.debian.org https://www.debian.org/lts/security/ Guilhem Moulin December 31, 2023 https://wiki.debian.org/LTS

Accepted tinyxml 2.6.2-4+deb10u2 (source) into oldoldstable

-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Sat, 30 Dec 2023 15:10:00 +0100 Source: tinyxml Architecture: source Version: 2.6.2-4+deb10u2 Distribution: buster-security Urgency: high Maintainer: Felix Geyer Changed-By: Guilhem Moulin Closes: 1059315 Changes: tinyxml

[SECURITY] [DLA 3701-1] tinyxml security update

- Debian LTS Advisory DLA-3701-1debian-...@lists.debian.org https://www.debian.org/lts/security/ Guilhem Moulin December 31, 2023 https://wiki.debian.org/LTS

Accepted libreoffice 1:6.1.5-3+deb10u11 (source) into oldoldstable

-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Fri, 29 Dec 2023 09:39:36 + Source: libreoffice Architecture: source Version: 1:6.1.5-3+deb10u11 Distribution: buster-security Urgency: high Maintainer: Debian LibreOffice Maintainers Changed-By: Bastien Roucariès Changes:

CVE-2023-48795: Backporting strict key exchange to older libssh

Hello, I am working to backport the fix for CVE-2023-48795 to libssh 0.8.7, as part of Debian's Long Term Support effort, funded by Freexian SARL. (I will later be seeking to backport the fix to 0.7.3 and 0.6.3 too, as part of Freexian's Extended Long Term Support effort.) I have two queries

[SECURITY] [DLA 3700-1] cjson security update

-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 - - Debian LTS Advisory DLA-3700-1debian-...@lists.debian.org https://www.debian.org/lts/security/Thorsten Alteholz December 30, 2023

[SECURITY] [DLA 3699-1] libde265 security update

-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 - - Debian LTS Advisory DLA-3699-1debian-...@lists.debian.org https://www.debian.org/lts/security/Thorsten Alteholz December 30, 2023

Accepted cjson 1.7.10-1.1+deb10u2 (source) into oldoldstable

-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Wed, 27 Dec 2023 21:03:02 +0100 Source: cjson Architecture: source Version: 1.7.10-1.1+deb10u2 Distribution: buster-security Urgency: medium Maintainer: Yanhao Mo Changed-By: Thorsten Alteholz Changes: cjson (1.7.10-1.1+deb10u2)

Re: libssh CVE-2023-6004, CVE-2023-6918, CVE-2023-48795

Hello, On Mon 25 Dec 2023 at 11:31am +01, Martin Pitt wrote: > Hello Sean and security team, > > Sean Whitton [2023-12-24 9:12 +]: >> I have taken responsibility for fixing these CVEs in libssh in buster, >> as part of Freexian-funded LTS work. I would like to see if I can help >> get them

Accepted libde265 1.0.11-0+deb10u6 (source) into oldoldstable

-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Fri, 29 Dec 2023 23:03:02 +0100 Source: libde265 Architecture: source Version: 1.0.11-0+deb10u6 Distribution: buster-security Urgency: high Maintainer: Debian Multimedia Maintainers Changed-By: Thorsten Alteholz Changes: