During this month, I have worked on the following tasks for Debian LTS and ELTS.
This was my initial contact with the LTS/ELTS project and preparation of security updates.
Thanks to Freexian and sponsors for making this possible [0].
Log4cxx
- Investigated CVE-2025-54812 & CVE-2025-54813
- https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1111879
- https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1111881
- Backported upstream patches from PR#{509,512,514} to v0.11.0-2 (bullseye/LTS)
- https://salsa.debian.org/debian/log4cxx/-/merge_requests/2
- Testing and validation of patches inside a bullseye container, incl. a written
test plan (in MR) and passing autopkgtests via SalsaCI pipeline. - https://salsa.debian.org/slyon/log4cxx/-/pipelines/948717
- Landing the same security fixes in Debian testing & stable, to retain a solid
upgrade path. - https://salsa.debian.org/debian/log4cxx/-/merge_requests/1
- https://salsa.debian.org/debian/log4cxx/-/merge_requests/3
- Patches reviewed by @tobi, thanks!
- Published as DLA-4322-1
Cheers,
Lukas