In June 2016, my 4th month as a debian-lts contributor, I was
allocated 15 hours and I used all the 15 hours.
In this time I did the following:
* Reviewed numerous security patches for Xen.
* Investigated a regression in a previous Xen update, and reported it to
* Researched security issues in tiff. Confirmed wheezy and CVS versions
are vulnerable to CVE-2016-5102.
* Discussed Xen's future and in particular i386 support.
* Uploaded fixed p7zip package. CVE-2016-2335 fixed.
* Researched CVE-2016-2335 in p7zip and found wheezy version not
* Uploaded fixed imagemagick package. CVE-2016-4563 fixed.
* Looked at fixing CVE-2016-2177 in openssl; however, it is considered
non-urgent at this stage and Kurt will deal when new upstream is
* Patched numerous security issues in Pidgin and made available for
testing. Also helped to identify a problem in that upstream security
advisories identify the wrong commits.
Take as an example:
This is for CVE-2016-2371 / TALOS-CAN-0139, but it references
7b52ca213832, which is wrong. This commit is for TALOS-CAN-0137.
The incorrect information was duplicated in other sources, such as the
Debian security tracker.
Brian May <firstname.lastname@example.org>