LTS report January 2024
=======================

1. DLA-3709-2. Issued a squid regression update to fix Debian bug #1060857. The
               fix for CVE-2023-46846 introduced a regression which was resolved
               by this update.

2. DLA-3721-1. Issued a security update of xorg-server fixing 6 CVE in Buster.

3. tomcat9 is currently affected by CVE-2024-21733. I believe this issue is of
   minor severity and a fix for it can be postponed.

4. knot-resolver: I have been working on knot-resolver, a caching DNS resolver.
   While the most recently discovered CVE-2023-46317 requires no immediate action,
   my intention was to address earlier issues from 2019 as well, so that the
   overall package has the same coverage as its version in Bullseye.

5. DSA-5637-1. Issued a security update for squid fixing 10 CVE in Bookworm and
               Bullseye. Initially the work on it began in January but had to
               be postponed when new CVE were discovered later. I tried to find
               a way to backport the fix for CVE-2023-5824 and CVE-2024-25111
               to older releases but the task has not been completed yet.

6. DLA-3736-1. Issued a security update for unbound fixing 2 CVE in Buster.

7. I have been assigned being LTS frontdesk from 08.01.2024 to 21.01.2024. I
   triaged newly discovered CVE in atril, exiftags, libspreadsheet-parsexlsx-perl,
   pillow, rear, ruby-httparty, modsecurity-crs, optipng, gsoap, evince, jinja2,
   qtbase-opensource-src, squid and more packages.