LTS report July 2021
=====================

1. Investigated CVE-2021-33900 in apache-directory-server and triaged it as
   not-for-us because the vulnerability was in a related but different project
   which has not been packaged yet.
2. Prepared a security update for tomcat8 (Stretch) and tomcat9 (Buster) fixing
   3 CVE each.
3. Investigated CVE-2021-29425 in commons-io and prepared a patch fixing one CVE.
4. Prepared a security update for lrzip fixing 9 CVE.
5. Prepared a security update for xmlgraphics-commons fixing 1 CVE in all
   suites.
6. Investigated the undetermined vulnerability CVE-2020-28600 in openscad,
   CVE-2017-2910 in r-cran-readxl, CVE-2020-19716 in exiv2 and CVE-2019-9423 in
   opencv.
7. Continued the work on ceph.
8. Tested a patch for an embargoed systemd security vulnerability
   CVE-2021-33910.