Debian activities (LTS, ELTS)
A vulnerability, CVE-2023-44487, was discovered that could potentially be exploited to disrupt server operation.
The vulnerability in the h2o HTTP/2 server was related to the handling of certain types of HTTP/2 requests. In certain scenarios, an attacker could send a series of malicious requests, causing the server to process them rapidly and exhaust system resources.
Front-desk duties for LTS and ELTS:
- Double-checked CVE-2023-30847 and marked it as not-affected in Debian, as the affected versions have never been uploaded.
- Marked CVE-2023-41914 for slurm-llnl as EOL.
- Marked CVE-2023-42445 as no-dsa for buster.
- Added the following packages to dla-needed.txt:
  - memcached (elts)
  - apache2 (elts)
Other Debian activities
- boost1.74_1.74.0+ds1-23, closes #1052887
- golang-github-klauspost-compress_1.17.0+ds1-1~exp1, golang-github-klauspost-compress_1.17.0+ds1-1
- golang-github-golang-jwt-jwt_5.0.0-1, golang-github-golang-jwt-jwt_5.0.0+really4.5.0-1~exp1
- boost1.81_1.81.0-7, closing #1052892
- boost1.74 1.74.0+ds1-23, closing #1052887
- h2o_2.2.5+dfsg2-8, fixing CVE-2023-44487, #1054232
- ocrmypdf_15.2.0+dfsg1-1, fixing #1030339, #1031337, #1031338, #1050101, #1054243