[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

June Report

In June 2016, my 4th month as a debian-lts contributor, I was
allocated 15 hours and I used all the 15 hours.

In this time I did the following:

* Reviewed numerous security patches for Xen.

* Investigated a regression in a previous Xen update, and reported it to
  Bastian Blank.

* Researched security issues in tiff. Confirmed wheezy and CVS versions
  are vulerable to CVE-2016-5102.

* Discussed Xen's future and in particular i386 support.

* Uploaded fixed p7zip package. CVS-2016-2335 fixed.

* Researched CVS-2016-2335 in p7zip and found wheezy version not

* Uploaded fixed imagemagick package. CVE-2016-4563 fixed.

* Looked at fixing CVE-2016-2177 in openssl; However it is considered
  non-urgent at this stage and Kurt will deal when new upstream is

* Patched numerous security issues in Pidgin and made available for
  Testing. Also helped to identify problem in that upstream security
  advisories identify the wrong commits.

  Take as an example:


  This is for CVE-2016-2371 / TALOS-CAN-0139. But references
  7b52ca213832 which then is wrong. This commit is for TALOS-CAN-0137

  The incorrect information was duplicated in other sources, such as
  Debian security tracker.
Brian May <brian@linuxpenguins.xyz>

Reply to: