
July Report



In June 2017, my 5th month as a debian-lts contributor, I was allocated
14.7 hours and I used all the 14.7 hours.

In this time I did the following:

* Reviewed changes for xen.

* Updated and released security update for pidgin. Fixed:
CVE-2016-2365 CVE-2016-2366 CVE-2016-2367 CVE-2016-2368
CVE-2016-2369 CVE-2016-2370 CVE-2016-2371 CVE-2016-2372
CVE-2016-2373 CVE-2016-2374 CVE-2016-2375 CVE-2016-2376
CVE-2016-2377 CVE-2016-2378 CVE-2016-2380 CVE-2016-4323

* Updated and released binutils. Fixed:
   * CVE-2016-2226.patch: Exploitable buffer overflow
   * CVE-2016-4487.patch: Invalid write due to a use-after-free to array btypevec
   * CVE-2016-4488.patch: Invalid write due to a use-after-free to array ktypevec
   * CVE-2016-4489.patch: Invalid write due to integer overflow
   * CVE-2016-4490-1.patch: Write access violation
   * CVE-2016-4490-2.patch: Write access violation
   * CVE-2016-4492_CVE-2016-4493.patch: Read/write access violations
   * CVE-2016-6131.patch: Libiberty Demangler segfaults
   * CVE-2016-XXXX.patch: Stack buffer overflow when printing bad bytes in
     Intel Hex objects

* Researched security fix for kde4libs. In particular CVE-2016-6232.
-- 
Brian May <bam@debian.org>

