[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

July Report

In June 2017, my 5th month as a debian-lts contributor, I was allocated
14.7 hours and I used all the 14.7 hours.

In this time I did the following:

* Reviewed changes for xen.

* Updated and released security update for pidgin. Fixed:
CVE-2016-2365 CVE-2016-2366 CVE-2016-2367 CVE-2016-2368
CVE-2016-2369 CVE-2016-2370 CVE-2016-2371 CVE-2016-2372
CVE-2016-2373 CVE-2016-2374 CVE-2016-2375 CVE-2016-2376
CVE-2016-2377 CVE-2016-2378 CVE-2016-2380 CVE-2016-4323

* Updated and released binutils. Fixed:
   * CVE-2016-2226.patch: Exploitable buffer overflow
   * CVE-2016-4487.patch: Invalid write due to a use-after-free to array btypevec
   * CVE-2016-4488.patch: Invalid write due to a use-after-free to array ktypevec
   * CVE-2016-4489.patch: Invalid write due to integer overflow
   * CVE-2016-4490-1.patch: Write access violation
   * CVE-2016-4490-2.patch: Write access violation
   * CVE-2016-4492_CVE-2016-4493.patch: Read/write access violations
   * CVE-2016-6131.patch: Libiberty Demangler segfaults
   * CVE-2016-XXXX.patch: Stack buffer overflow when printing bad bytes in
     Intel Hex objects

* Researched security fix for kde4libs. In particular CVE-2016-6232.
Brian May <bam@debian.org>

Reply to: