LTS/ELTS Report for January 2020

To: debian-lts@lists.debian.org
Subject: LTS/ELTS Report for January 2020
From: Roberto C. Sánchez <roberto@debian.org>
Date: Sat, 1 Feb 2020 09:01:35 -0500
Message-id: <[🔎] 20200201140135.GH5535@connexer.com>
Mail-followup-to: Roberto C. Sánchez <roberto@debian.org>, debian-lts@lists.debian.org

For January 2020 I spent 10.75 on the following LTS tasks:

- git: completed the work begun in December 2019 and published the
  updated package and advisory
- squid3: investigated open issues (CVE-2019-12523, CVE-2019-18676) in
  an attempt to isolate the salient parts of the fixes for backporting;
  found that the lack of detail in the vulnerability reports and the
  lack of a repoducer made it effectively impossible to isolate the
  security-relevant aspects of the changes and also hampered validation
  of any backport attempt; noted this information in the security
  tracker
- samba: triaged open security issues; all were either not present in
  jessie version or sufficiently minor as to be ignored
- tigervnc: began working on an update only to realize that tigervnc
  does not exist in jessie, which led to ...
- review-update-needed: submitted a Salsa MR to this utility script in
  the security tracker repository that adds the option to query rmadison
  for each source package listed in dla-needed.txt or dsa-needed.txt to
  verify its existence in the specified suite(s)

I spent a further 1.75 hours on the following ELTS task:

- git: completed the work begun in December 2019 and published the
  updated package and advisory

Regards,

-Roberto

-- 
Roberto C. Sánchez

Reply to:

Prev by Date: Re: spamassassin security update in Debian jessie LTS
Next by Date: Re: spamassassin security update in Debian jessie LTS
Previous by thread: Re: spamassassin security update in Debian jessie LTS
Next by thread: LTS report for January 2020
Index(es):
- Date
- Thread