ELTS report June 2024
=====================


1. After investigating the currently open CVE in ghostscript and preparing a
   security update, I came to the conclusion that the version in stretch is not
   affected by CVE-2024-33869 and CVE-2024-33870 because the gp_validate_path_len function
   was introduced later. The fixes for the other problems relied on newer
   ghostscript API and I did not feel comfortable to try to address these
   issues without it. We made the team decision to ignore them.

2. ELA-1115-1. Issued a security update for glib2.0 fixing 1 CVE
               (CVE-2024-34397) in stretch.

3. I am almost done backporting the fix for CVE-2024-34397 to glib2.0 in
   jessie. An update is imminent.

4. ELA-1107-1. Issued a security update for php7.0 fixing 1 CVE in stretch.

5. ELA-1108-1. Issued a security update for php5 fixing 1 CVE in jessie.

6. ELA-1110-1. Issued a security update for netty fixing 1 CVE in stretch.

7. ELA-1117-1. Issued a security update for gunicorn fixing 1 CVE in stretch.