ELTS report December 2023
=========================

Due to the holiday season at the end of December some of the work was postponed
until January. I intend to update this report with more information in January.
The January 2024 and December 2023 report should be considered as a whole.

1. I have been working on a security update for Asterisk which is currently
   affected by three security problems. Another one (CVE-2023-38703) actually
   affects the PJSIP (pjproject) library in Stretch. The latter one is a
   minor use-after-free problem with limited security relevance thus the
   decision was made not to address it.

2. I have been working on fixing the current seven open CVE in squid3 (Jessie
   and Stretch). The release is pending. Similar to the Buster version the
   handling of CVE-2023-5824 has yet to be determined.