Re: August Report
Hi Brian
I had the same issue a month ago. It solved itself after a few days
when new issues were found.
// Ola
On Thu, Sep 1, 2016 at 10:02 AM, Brian May <bam@debian.org> wrote:
> Hello,
>
> Just wondering how I should spend my LTS hours. If I look at the list of
> unclaimed packages for LTS: this list is of packages that are under
> control, unclear they are vulnerable, or raise difficult issues. So for
> the first time since starting LTS work, I am unsure what I can do that I
> am capable of doing safely.
>
> For status reports on these packages I have looked at, see the
> references in the email I am replying to -
> 8737lx43j4.fsf@prune.linuxpenguins.xyz.
>
> - this is not counting matrixssl, see my other email for the status of
> this, [🔎] 87oa48qd7k.fsf@prune.linuxpenguins.xyz
>
> === cut ===
> The following packages are used by our customers (by order of decreasing importance, more hours means more important):
>
> * openssl (100 %)
> NOTE: For CVE-2016-2177, some parts of the upstream patch do not apply
> NOTE: because the wheezy version is completely missing the checks being
> NOTE: fixed! Those checks should probably be added by cherry-picking
> NOTE: additional upstream changes.
> NOTE: Kurt Roeckx considers CVE-2016-2177 and CVE-2016-2178 to be low
> NOTE: priority issues and will fix them after the next release of OpenSSL.
>
> * roundcube (7.19 %)
>
> * mailman (0.3 %)
> NOTE: Thijs Kinkhorst said on debian-lts that he wants to have a look
>
>
> Remaining issues are: (no customers have expressed need for support yet)
>
> * chicken
>
> * mat
> NOTE: the fix for this issue: https://security-tracker.debian.org/tracker/TEMP-0826101-4D75EC
> is not available yet. It will be available in next upstream release (already
> in upstream roadmap).
>
> * matrixssl
> NOTE: the bignum implementation is in crypto/peersec/mpi.c
>
> * wordpress
> NOTE: Proposed patch for CVE-2015-8834 doesn't seem to work for Wheezy. DB upgrade fails.
> === cut ===
>
>
> --
> Brian May <bam@debian.org>
>
--
--- Inguza Technology AB --- MSc in Information Technology ----
/ ola@inguza.com Folkebogatan 26 \
| opal@debian.org 654 68 KARLSTAD |
| http://inguza.com/ Mobile: +46 (0)70-332 1551 |
\ gpg/f.p.: 7090 A92B 18FE 7994 0C36 4FE4 18A1 B1CF 0FE5 3DD9 /
---------------------------------------------------------------
Reply to: