ELTS report January 2025
========================


1. I have been the ELTS frontdesk from 01.01.2025 until 05.01.2025 and were
   responsible triaging newly discovered CVE.

2. I continued the work on iperf3, a bandwidth measuring tool, fixing 3 CVE in
   jessie,stretch and buster. iperf3 is exclusively used as a standalone
   commandline application in Debian although we ship development files as well.
   The oldest versions of iperf3 in Jessie and Stretch were not vulnerable to
   CVE-2024-26306 because the application was not built against openssl.
   However I thought having a newer version would also fix several non-security
   related bugs and being more maintainable in the long-term. Thus I abandoned
   the idea of backporting targeted fixes. There was no risk of regression
   since we didn't ship other applications which depend on the libiperf0
   library. The update was released as ELA-1318-1.

3. I continued the work on openjpeg2 fixing 5 CVE in buster, stretch and
   jessie.