LTS report January 2021 ======================== DLA-2535-1. Issued a security update for ansible fixing 4 CVE, investigated three more CVE and marked them as not-affected for Stretch. I contacted the maintainer and after some discussion decided to address open issues in ansible/Buster first and then either backport this version to Stretch or base targeted patches on this release. So far I have been working on fixing 10 CVE in Buster which includes backporting parts of the test suite from newer releases. DLA-2431-2. Issued a regression update for libonig which reverted the patch for CVE-2020-26159. It was discovered that the CVE was a false-positive and a patch was not necessary. DLA-2553-1. Issued a security update for xcftools fixing 2 CVE. I have been working on extending the patch for 32 bit architectures and participated in further discussions with the security team around xcftools in Debian. I have prepared several backports and updates of unbound which enables us to continue the support of unbound in Stretch. A new source package unbound1.9 will be uploaded to Stretch in February and another update of src:unbound will be uploaded to Buster together with a patch to address CVE-2020-28935.