ELTS report September 2022 ========================== 1. ELA-689-1. Issued a security update for poppler fixing 6 CVE in Stretch and Jessie. 2. ELA-693-1. Issued a security update for snakeyaml fixing 4 CVE in Stretch and Jessie. 3. ELA-699-1. Issued a security update for asterisk fixing 2 CVE in Stretch and investigated 3 CVE and marked them as not affected (CVE-2021-26906, CVE-2022-31031, CVE-2021-46837). I also reviewed the remaining postponed CVE. 4. ELA-700-1. Issued a security update for git fixing 2 CVE in Stretch and Jessie. I triaged CVE-2022-29187 as no-dsa (Minor issue) because the patch required an additional patch series for CVE-2022-24765 which was intrusive and introduced a breaking change. The exploit also required root privileges and an rather unusual setup. 5. ELA-703-1. Issued a security update for mediawiki fixing 1 CVE in Stretch. I triaged CVE-2022-41767 as not-affected because the ip_changes table was introduced in version 1.30.