June Report
In June 2016, my 4th month as a debian-lts contributor, I was
allocated 15 hours and I used all the 15 hours.
In this time I did the following:
* Reviewed numerous security patches for Xen.
* Investigated a regression in a previous Xen update, and reported it to
Bastian Blank.
* Researched security issues in tiff. Confirmed wheezy and CVS versions
are vulnerable to CVE-2016-5102.
* Discussed Xen's future and in particular i386 support.
* Uploaded fixed p7zip package. CVE-2016-2335 fixed.
* Researched CVE-2016-2335 in p7zip and found wheezy version not
vulnerable.
* Uploaded fixed imagemagick package. CVE-2016-4563 fixed.
* Looked at fixing CVE-2016-2177 in openssl; however, it is considered
non-urgent at this stage and Kurt will deal with it when a new upstream is
released.
* Patched numerous security issues in Pidgin and made them available for
testing. Also helped to identify a problem in that upstream security
advisories identify the wrong commits.
Take as an example:
https://www.pidgin.im/news/security/?id=104
This is for CVE-2016-2371 / TALOS-CAN-0139, but it references
7b52ca213832, which then is wrong. This commit is for TALOS-CAN-0137.
The incorrect information was duplicated in other sources, such as
Debian security tracker.
--
Brian May <brian@linuxpenguins.xyz>
https://linuxpenguins.xyz/brian/