Hello,
This was my tenth month working on LTS and ELTS. Thank you to Freexian
and Freexian's sponsors for making these projects possible:
<https://www.freexian.com/lts/debian/#sponsors>

LTS

- emacs
  - Determined that CVE-2024-30203 and CVE-2024-30204 should be merged.
    I submitted a request to MITRE to action that.
    It is always nice to have the opportunity, in my LTS team work, to
    participate in the wider free software security ecosystem like this.
  - Uploaded fixes for CVE-2024-30202, CVE-2024-30203, CVE-2024-30204 &
    CVE-2024-30205 to bookworm-proposed-updates, and filed a stable
    update request.
  - Uploaded fixes for CVE-2024-30203, CVE-2024-30204 & CVE-2024-30205
    to bullseye-proposed-updates, and filed an oldstable update request.
  - Published DLA-3801-1 addressing CVE-2024-30203, CVE-2024-30204 &
    CVE-2024-30205.
- org-mode
  - Determined that CVE-2024-30202 doesn't apply to buster and bullseye.
  - Uploaded fixes for CVE-2024-30203, CVE-2024-30204 & CVE-2024-30205
    to bullseye-proposed-updates, and filed an oldstable update request.
  - Published DLA-3802-1 addressing CVE-2024-30204, CVE-2024-30205 &
    CVE-2024-30206.

For these problems fixed in Emacs and Org-mode, upstream Org-mode
developers Ihor Radchenko and Max Nikulin provided helpful input and
test cases. They helped me confirm my belief that two of the CVEs
should be merged.

I am one of Emacs's co-maintainers and I co-ordinate the team
maintaining Org-mode in Debian. I am grateful to have received
Freexian funding for working on these updates.

- Participated in monthly meeting.
- Reviewed updates to the LTS documentation.

ELTS

I started looking at the corresponding Emacs updates for ELTS, but they
were only added to ela-needed close to the end of the month, so I will
be working on them at the beginning of May.

I did spend some time following up on correspondence for ELTS.

--
Sean Whitton