
June Report



In June 2016, my 4th month as a debian-lts contributor, I was
allocated 15 hours and I used all the 15 hours.

In this time I did the following:

* Reviewed numerous security patches for Xen.

* Investigated a regression in a previous Xen update, and reported it to
  Bastian Blank.

* Researched security issues in tiff. Confirmed wheezy and CVS versions
  are vulnerable to CVE-2016-5102.

* Discussed Xen's future and in particular i386 support.

* Uploaded fixed p7zip package. CVE-2016-2335 fixed.

* Researched CVE-2016-2335 in p7zip and found wheezy version not
  vulnerable.

* Uploaded fixed imagemagick package. CVE-2016-4563 fixed.

* Looked at fixing CVE-2016-2177 in openssl; however, it is considered
  non-urgent at this stage and Kurt will deal with it when a new upstream
  is released.

* Patched numerous security issues in Pidgin and made available for
  Testing. Also helped to identify problem in that upstream security
  advisories identify the wrong commits.

  Take as an example:

  https://www.pidgin.im/news/security/?id=104

  This is for CVE-2016-2371 / TALOS-CAN-0139. But references
  7b52ca213832 which then is wrong. This commit is for TALOS-CAN-0137.

  The incorrect information was duplicated in other sources, such as
  Debian security tracker.
-- 
Brian May <brian@linuxpenguins.xyz>
https://linuxpenguins.xyz/brian/

