LTS/ELTS Report for January 2020
For January 2020 I spent 10.75 on the following LTS tasks:
- git: completed the work begun in December 2019 and published the
updated package and advisory
- squid3: investigated open issues (CVE-2019-12523, CVE-2019-18676) in
an attempt to isolate the salient parts of the fixes for backporting;
found that the lack of detail in the vulnerability reports and the
lack of a repoducer made it effectively impossible to isolate the
security-relevant aspects of the changes and also hampered validation
of any backport attempt; noted this information in the security
tracker
- samba: triaged open security issues; all were either not present in
jessie version or sufficiently minor as to be ignored
- tigervnc: began working on an update only to realize that tigervnc
does not exist in jessie, which led to ...
- review-update-needed: submitted a Salsa MR to this utility script in
the security tracker repository that adds the option to query rmadison
for each source package listed in dla-needed.txt or dsa-needed.txt to
verify its existence in the specified suite(s)
I spent a further 1.75 hours on the following ELTS task:
- git: completed the work begun in December 2019 and published the
updated package and advisory
Regards,
-Roberto
--
Roberto C. Sánchez
Reply to: