Re: August Report

To: Brian May <bam@debian.org>
Cc: Debian LTS <debian-lts@lists.debian.org>
Subject: Re: August Report
From: Ola Lundqvist <ola@inguza.com>
Date: Thu, 1 Sep 2016 10:38:19 +0200
Message-id: <[🔎] CABY6=0krEDzchjqe6weK94-Qivg5FY-ig1ADcgps9eFwVAfO_A@mail.gmail.com>
In-reply-to: <[🔎] 87lgzcqc93.fsf@prune.linuxpenguins.xyz>
References: <8737lx43j4.fsf@prune.linuxpenguins.xyz> <[🔎] 87lgzcqc93.fsf@prune.linuxpenguins.xyz>

Hi Brian

I had the same issue a month ago. It solved itself after a few days
when new issues were found.

// Ola

On Thu, Sep 1, 2016 at 10:02 AM, Brian May <bam@debian.org> wrote:
> Hello,
>
> Just wondering how I should spend my LTS hours. If I look at the list of
> unclaimed packages for LTS: this list is of packages that are under
> control, unclear they are vulnerable, or raise difficult issues. So for
> the first time since starting LTS work, I am unsure what I can do that I
> am capable of doing safely.
>
> For status reports on these packages I have looked at, see the
> references in the email I am replying to -
> 8737lx43j4.fsf@prune.linuxpenguins.xyz.
>
> - this is not counting matrixssl, see my other email for the status of
> this, [🔎] 87oa48qd7k.fsf@prune.linuxpenguins.xyz
>
> === cut ===
> The following packages are used by our customers (by order of decreasing importance, more hours means more important):
>
> * openssl (100 %)
>   NOTE: For CVE-2016-2177, some parts of the upstream patch do not apply
>   NOTE: because the wheezy version is completely missing the checks being
>   NOTE: fixed!  Those checks should probably be added by cherry-picking
>   NOTE: additional upstream changes.
>   NOTE: Kurt Roeckx considers CVE-2016-2177 and CVE-2016-2178 to be low
>   NOTE: priority issues and will fix them after the next release of OpenSSL.
>
> * roundcube (7.19 %)
>
> * mailman (0.3 %)
>   NOTE: Thijs Kinkhorst said on debian-lts that he wants to have a look
>
>
> Remaining issues are: (no customers have expressed need for support yet)
>
> * chicken
>
> * mat
>   NOTE: the fix for this issue: https://security-tracker.debian.org/tracker/TEMP-0826101-4D75EC
>   is not available yet. It will be available in next upstream release (already
>   in upstream roadmap).
>
> * matrixssl
>   NOTE: the bignum implementation is in crypto/peersec/mpi.c
>
> * wordpress
>   NOTE: Proposed patch for CVE-2015-8834 doesn't seem to work for Wheezy. DB upgrade fails.
> === cut ===
>
>
> --
> Brian May <bam@debian.org>
>



-- 
 --- Inguza Technology AB --- MSc in Information Technology ----
/  ola@inguza.com                    Folkebogatan 26            \
|  opal@debian.org                   654 68 KARLSTAD            |
|  http://inguza.com/                Mobile: +46 (0)70-332 1551 |
\  gpg/f.p.: 7090 A92B 18FE 7994 0C36 4FE4 18A1 B1CF 0FE5 3DD9  /
 ---------------------------------------------------------------

Reply to:

Follow-Ups:
- Re: August Report
  - From: Brian May <bam@debian.org>

References:
- Re: August Report
  - From: Brian May <bam@debian.org>

Prev by Date: Re: August Report
Next by Date: Re: August Report
Previous by thread: Re: August Report
Next by thread: Re: August Report
Index(es):
- Date
- Thread