LTS report February 2024
========================

1. I have been LTS frontdesk from 26.02.2024 to 03.03.2024. I
   triaged newly discovered CVE in jetty9, libuv1, yard, apache-mime4j,
   arm-trusted-firmware, c-ares, freeglut, krb5, less,
   libcommons-compress-java, ncurses, node-es5-ext, nvidia-graphics-drivers,
   php-phpseclib, phpseclib, plasma-workspace, python-cryptography,
   python-scrapy, systemd, texlive-bin, cpio, dnsmasq, qpdf and more packages.

2. I have been working on fixing 3 CVE for imlib2, which I am also responsible
   for as Debian's maintainer.

3. I have been working on CVE-2024-25710 and had a look at older CVE for
   libcommons-compress-java. Currently I believe the older ones are correctly
   triaged and no further action is required.

4. I have been working on an all distributions upgrade for
   CVE-2024-22201/Jetty9.

5. I picked up tomcat9 again and will either remove it from our todo
   list for now or prepare a small update soon.

6. I revisited squid and started to work on another solution to backport
   CVE-2023-5824 to older squid releases.

7. I prepared a new wordpress point update which incorporates the fixes
   reported in Wordpress' security announcement from late January. No CVE have been
   assigned yet. The security update was released as DLA-3756-1.