ELTS report September 2022
==========================

1. ELA-689-1. Issued a security update for poppler fixing 6 CVE in Stretch and
              Jessie.

2. ELA-693-1. Issued a security update for snakeyaml fixing 4 CVE in Stretch
              and Jessie.

3. ELA-699-1. Issued a security update for asterisk fixing 2 CVE in Stretch and
              investigated 3 CVE and marked them as not affected (CVE-2021-26906,
              CVE-2022-31031, CVE-2021-46837). I also reviewed the remaining postponed
              CVE.

4. ELA-700-1. Issued a security update for git fixing 2 CVE in Stretch and
              Jessie. I triaged CVE-2022-29187 as no-dsa (Minor issue) because
              the patch required an additional patch series for CVE-2022-24765
              which was intrusive and introduced a breaking change. The exploit
              also required root privileges and an rather unusual setup.

5. ELA-703-1. Issued a security update for mediawiki fixing 1 CVE in Stretch. I
              triaged CVE-2022-41767 as not-affected because the ip_changes
              table was introduced in version 1.30.