Thorsten Alteholz: My Debian Activities in December 2023
FTP master
This month I accepted 235 and rejected 13 packages. The overall number of packages that got accepted was 249. I also handled lots of RM bugs and almost stopped the increase in packages this month :-). Please be aware, if you don t want your package to be removed, take care of it and keep it in good shape!
Debian LTS
This was my hundred-fourteenth month that I did some work for the Debian LTS initiative, started by Raphael Hertzog at Freexian.
During my allocated time I uploaded:
- [DLA 3686-1] xorg-server security update for two CVEs to fix privilege escalation
- [DLA 3686-2] xorg-server security update for one CVE to really fix privilege escalation. Unfortunately the first patches provided by upstream did not really solve the problem, so here we are in round 2
- [DLA 3699-1] libde265 security update for three CVEs to fix heap buffer or global buffer overflows
- [DLA 3700-1] cjson security update for one CVE to fix a segmentation violation
- [#1056934] Bookworm PU-bug for libde265; I could finally upload the package
- [#1056737] Bookworm PU-bug for minizip; I could finally upload the package
- [libde265]For the next round of CVEs of libde265 I prepared debdiffs for Bullseye and Bookworm and sent them to the maintainer.
- [cjson]I prepared debdiffs for Bullseye and Bookworm and sent them to the maintainer.
- [ELA-1019-1]xorg-server security update for two CVEs to fix privilege escalation
- [ELA-1019-2]xorg-server security update for to really fix privilege escalation. As with the DLAs above, the first patches provided by upstream did not really solve the problem, so here we are in round 2
- [ELA 1027-1] libde265 security update for three CVEs in Stretch to fix heap buffer or global buffer overflows
- cups/Bookworm to fix a bug related to color printing
- hplip to fix a bug related to /usr-merge
- libpktriggercord to fix a /usr-merge bug
- indi-nightscape to fix a /usr-merge bug
- indi-ffmv to fix a /usr-merge bug
- indi-armadillo-platypus to fix a /usr-merge bug
- indi-orion-ssg3 to fix a /usr-merge bug
- indi-sx to fix a /usr-merge bug
- usb-modeswitch-data to fix a /usr-merge bug
- libcontra it is sometimes a bit amazing what software phones home