ELTS report July 2024
=====================


1. July 2024 marked the beginning of ELTS support for Debian 10 "Buster".
   Freexian currently maintains three Debian distributions: Jessie, Stretch and
   Buster.
   I have been working as "frontdesk" from 29.07.2024 to 03.08.2024 and
   investigated and triaged newly discovered Common Vulnerabilities and
   Exposures (CVE) ids in supported packages in all distributions namely:
   python-django, orc, twisted, python2.7, curl, unrar-nonfree, rar, twister,
   wireshark, openimageio and pdns-recursor.

2. The work on backporting the fix for CVE-2024-34397 to glib2.0 in jessie is
   still ongoing. In the process various problems occurred such as build failures
   due to the introduction of new reference counting types and functions which
   required more time to resolve than initially anticipated.

3. ELA-1145-1. Issued a security update for curl fixing CVE-2024-7264 in
   jessie, stretch and buster.

4. I have been investigating two new CVE in tomcat9,tomcat8 and tomcat7 and how
   they affect the currently supported versions.

5. ELA-1125-1. Issued a security update for ffmpeg fixing 6 CVE in stretch.