LTS report August 2021
======================

1. DLA-2739-1. Issued a security update for libspf2 fixing 1 CVE.

2. DLA-2741-1. Issued a security update for commons-io fixing 1 CVE. I also
   fixed the same security vulnerability in Buster.

3. Investigated the open security vulnerabilities in libxstream-java and tested
   whether the switch to a whitelist would break reverse-dependencies. Prepared
   a patch to fix the problem in Stretch and Buster.

4. Prepared a security update for qemu fixing 5 CVE.
   Triaged CVE-2021-3544, CVE-2021-3545 and CVE-2021-3546 as not affected.
   Reviewed all postponed CVE and decided to mark CVE-2021-20196, CVE-2021-3748
   and CVE-2021-3735 also as postponed because upstream has not made a decision
   on them yet.

5. Prepared a security update for nettle fixing 2 CVE.

6. Investigated the open CVE in libcommons-compress-java, documented the
   security fixes in the security tracker and decided to mark them as no-dsa
   because of the low severity.