LTS report September 2021
=========================

1. Prepared a security update for ruby-kaminari (Buster) fixing 1 CVE.

2. Prepared a regression update for qemu and reverted the patch for
   CVE-2021-3592 to fix Debian bug #994080.

3. DLA-2764-1. Issued a security update for tomcat8 fixing 1 CVE.

4. Prepared a security update for tomcat9 (Buster) fixing 1 CVE.

5. DLA-2766-1. Issued a security update for libxml-security-java fixing 1 CVE
   in Stretch and prepared a security update for Buster fixing 2 CVE.

6. Investigated the open CVE in jsoup and after preparing a preliminary patch,
   I proposed to the security team to either backport the latest upstream release
   (because of the many changes to the parser code) or to ignore the issue.
   Later the decision was made to mark CVE-2021-37714 as no-dsa.

7. Investigated the 11 open CVE of fig2dev and prepared a security update.
   Issued DLA-2778-1.

8. DLA-2779-1. Issued a security update for mediwiki fixing 3 CVE. Marked
   CVE-2021-41800 and CVE-2021-41801 as not-affected.

9. Issued DLA-2618-3. Backported the missing fix for CVE-2018-13982 in the Smarty.class.php
   getter function. Reproduced the regression reported in Debian bug #989141,
   and tested the proposed fix by Abhijith PA.