[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

My Squeeze LTS activities in June 2015


Last June was my second paid month working on Squeeze LTS. This is how I
spend my 14.75 hours:

* zendframework: I fixed two remaining CVEs from last month:
  CVE-2012-6531 and CVE-2012-6532 and I sent
  [DLA 251-1](https://lists.debian.org/debian-lts-announce/2015/06/msg00017.html).
  Unfortunately, a user found this revision incorrectly fixed
  CVE-2015-3154 and the regression update [DLA 251-2] was needed.

* sqlite3: I triaged three CVEs and verified that they didn't affect
  squeeze. As an extra, I prepared a patch for wheezy to fix one of
  these CVEs.

* t1utils: I sent [DLA 256-1](https://lists.debian.org/debian-lts-announce/2015/06/msg00023.html)
  that fixes one CVE. It was easy to solve. Also as an extra, I've
  prepared an upload to wheezy-security, but it's pending.
  Thanks to Niels Thykier for reviewing this upload.

* ruby1.9.1: I fixed two CVEs that composed the
  [DLA 263-1](https://lists.debian.org/debian-lts-announce/2015/07/msg00000.html).
  This was less trivial than other fixes. Fortunately, the ruby's
  testsuite made it possible to be sure about the expected behaviour.
  Thanks to Guido Günther for helping me to test this package.

* libmodule-signature-perl: I prepared the
  [DLA 264-1](https://lists.debian.org/debian-lts-announce/2015/07/msg00001.html)
  that fixes four CVEs. It was also needed to patch and upload
  libtest-signature-perl for compatibility with the CVE-2015-3407 fix.

Thanks to all contributing on the Squeeze LTS project!


Attachment: signature.asc
Description: Digital signature

Reply to: