2022/09, FLOSS activity

LTS / ELTS Link to heading

• Communication: IRC/Email/Matrix
• Work with issues, review merge requests, test new functionalities, CI.
• Administrative work and customer support.
• Work with the team.
• Implemented, fixed and updated some scripts (deblts).
• Some preparations for the new website.

Released DLAs Link to heading

1. DLA-3122-1 dovecot_2.3.4.1-5+deb10u7

   • CVE-2021-33515

     The submission service in Dovecot before 2.3.15 allows STARTTLS command injection in lib-smtp. Sensitive information can be redirected to an attacker-controlled address.

   • CVE-2022-30550

     When two passdb configuration entries exist with the same driver and args settings, incorrectly applied settings can lead to an unintended security configuration and can permit privilege escalation in certain configurations.

Other (E)LTS-related work Link to heading

• Mark CVE-2020-28200 as ignored for buster.
• Mark CVE-2022-30550 and CVE-2021-33515 as ignored for Jessie and Stretch.

Other Debian activities Link to heading

• Review and sponsor solvespace_3.1+ds1-2
• Close RC-bug #1019061 (gnuplot)
• Prepare and upload:
  • yade_2022.01a-12
  • libopenshot_0.2.7+dfsg1-4, closing RC-Bug #1020020
  • esys-particle_2.3.5+dfsg2-6, closing RC-Bug #1013616
  • eigen3_3.4.0-4
  • alglib_3.19.0-1~exp1