ELTS report October 2024 ======================== 1. I have been the ELTS frontdesk from 04.11.2024 to 10.11.2024 and triaged newly discovered CVE in supported packages in jessie, stretch and buster. 2. I continued the work on exim4. The release was delayed because of the required testing due to the absence of an effective test suite. The security update was eventually released as ELA-1246-1 fixing 4 CVE in buster, 3 CVE in stretch and 2 CVE in jessie. 3. I investigated open and unresolved CVE in jetty9 and marked CVE-2024-8184 and CVE-2024-6762 as not affected and the remaining issues as ignored because jetty9 was either not vulnerable when used in its usual Debian context or a sensible workaround existed. 4. I continued the work on tomcat7, tomcat8 and tomcat9.