Debian LTS and ELTS report: April 2025

To: debian-lts@lists.debian.org
Subject: Debian LTS and ELTS report: April 2025
From: "Andrej Shadura" <andrewsh@debian.org>
Date: Fri, 02 May 2025 16:42:44 +0200
Message-id: <[🔎] d537cddd-35b2-4a4d-963b-26bc1e5aaf0b@app.fastmail.com>

Hello everyone,

Here’s my monthly report for the work I’ve done for Debian LTS
and ELTS in April 2025.

Thanks to Freexian and sponsors for making this possible:
https://www.freexian.com/lts/debian/#sponsors

LTS
===

libnet-easytcp-perl

  I have uploaded an update for Net::EasyTCP Perl module to address
  the fact it relied on an insecure random number generator.

libbssolv-perl

  A small but important update to the BSSolv Perl module narrowly missed
  the bullseye release, but prevented Open Build Service running on bullseye
  from working correctly with some Debian packages.
  I have uploaded this non-security fix to bullseye.
  This upload was not sponsored by Freexian.

golang-github-gorilla-csrf

  I have uploaded the fix for this Go package and several other Go packages
  that embedded its code in the binaries. I plan to upload this to buster as
  well in May (if relevant), and potentially in bookworm.

mbedtls

  I continued my work on an update to mbedtls. I intend to upload this update
  fixing a bunch of CVEs once I get it reviewed, and then do a follow-up upload
  with more fixes if I manage to backport them.

ELTS
====

I haven’t done anything for ELTS this month, but in May I will focus on ELTS.

-- 
Cheers,
  Andrej

Reply to:

Prev by Date: Injecting arm-trusted-firmware on security-master for bullseye-security build of u-boot
Next by Date: Re: Injecting arm-trusted-firmware on security-master for bullseye-security build of u-boot
Previous by thread: Re: Injecting arm-trusted-firmware on security-master for bullseye-security build of u-boot
Next by thread: Debian LTS and ELTS report: April 2025
Index(es):
- Date
- Thread