November Report

To: debian-lts@lists.debian.org
Subject: November Report
From: Brian May <bam@debian.org>
Date: Mon, 28 Nov 2016 17:28:55 +1100
Message-id: <[🔎] 87k2boruc8.fsf@prune.linuxpenguins.xyz>

This month I had 10 hours and I spent my 10 hours on the following
projects:

* Researched CVE-2016-9013 in python-django and found to be not worthy of
  fixing.
* Upload fixed version of python-django.
  * CVE-2016-9014: DNS rebinding vulnerability when DEBUG=True.
* Upload fixed version of lynx-cur.
  * CVE-2016-9179: invalid URL parsing with '?'.
* Research monit CVE-2016-7067 CSRF issue.
* Research asterisk. Ask if it is supported in Wheezy. Add links to upstream
  advisories in secure-testing.
-- 
Brian May <bam@debian.org>

Reply to:

Prev by Date: RFC - ImageMagick, proper testing, and handling issues without a CVE ID
Next by Date: Re: RFC - ImageMagick, proper testing, and handling issues without a CVE ID
Previous by thread: Re: RFC - ImageMagick, proper testing, and handling issues without a CVE ID
Next by thread: monit/CVE-2016-7067: call for testing
Index(es):
- Date
- Thread