ELTS report May 2025
====================

1. ELA 1433-1: I issued a security and regression update for glib2.0 fixing 1
               CVE in jessie. As mentioned in the previous report, while I was
               working on updating the subversion package, I discovered a
               regression in glib2.0 introduced in ELA-625-1 in order to fix
               CVE-2021-27218. The inline keyword in the gmem.h header file was
               not defined if software used an older C standard which led to a
               build failure when building reverse-dependencies of GLib, e.g.
               subversion.

2. ELA-1434-1: The fix in ELA 1433-1 allowed us to publish the security update
               for subversion fixing 1 CVE in jessie, stretch and buster.

3. ELA-1435-1: Issued a security update for libfcgi-perl fixing 1 CVE in
               jessie, stretch and buster. The update was straightforward since
               the version of libfcgi-perl was almost identical in all
               supported distributions. The impact was a potential denial of
               service when runnning interactive programs with a web server.

4. While I was updating varnish in bullseye, I had a look at varnish in
   jessie, stretch and buster. I am currently working on a buster update to fix
   the lastest reported CVE but intend to backport them to stretch and jessie
   too provided they do not introduce a regression.

5. I have been working on updating the ublock-origin addon for Firefox and
   Chromium in supported releases. The update will be released shortly after the
   release for bullseye and will fix CVE-2025-4215.

6. I have been the ELTS front desk from 12.05.2025 to 18.05.2025 and triaged
   newly discovered CVE in supported packages.