ELTS report November 2022
==========================

1. ELA-729-1. Issued a security update of libjettison-java fixing 1 CVE in
              Stretch.

2. ELA-732-1. Issued a security update of jackson-databind fixing 2 CVE in
              Stretch. I triaged the same CVE as no-dsa in Jessie because the
              UNWRAP_SINGLE_VALUE_ARRAYS feature is disabled by default.

3. ELA-734-1. Issued a security update of tomcat8 fixing 3 CVE in Stretch and 1
              CVE in Jessie. I triaged two more CVE as not-affected.

4. ELA-735-1. Issued a security update of tomcat7 fixing 2 CVE in Jessie.

5. ELA-739-1. Issued a security update of nginx fixing 3 CVE in Stretch and
              Jessie.

6. ELA-742-1. Issued a security update of dhcpcd5 fixing 2 CVE in Stretch.

7. I triaged a possible security vulnerability in xfce4-settings as
   not-affected because the vulnerable code was introduced later.

8. I have been working on a security update of erlang to fix CVE-2022-37026. In
   order to remedy the impact for rabbitmq-server I packaged new upstream versions
   of erlang and backported newer versions of rabbitmq-server and elixir-lang.

9. I have been working on a security update of grub2 for Jessie and Stretch.
   This one will be released in December 2022.