Debian LTS Report for November 2016

To: debian-lts@lists.debian.org
Subject: Debian LTS Report for November 2016
From: Hugo Lefeuvre <hle@debian.org>
Date: Thu, 1 Dec 2016 09:49:33 +0100
Message-id: <[🔎] 20161201084933.ieaf2ogkstz22vf6@hle.local>

Hi,

November 2016 was my third month as a payed Debian LTS contributor.

I was allocated 11 hours. I spent all of them in CVE triage for Xen.

Longer explanation:
 It has been reported by Guido Günter that Xen before v4.4.0-1 embeds
 a copy of QEMU 0.10.2. Xen has version 4.1.4 in wheezy, so it is
 potentially vulnerable to all security issues affecting QEMU in the
 last years.

 I have written a script to determine which security issues had to be
 triaged (roughly 160 security issues involved) and triaged 120 of
 them. 45 issues turned out to be affecting Xen in wheezy.

Cheers,
 Hugo

-- 
             Hugo Lefeuvre (hle)    |    www.owl.eu.com
4096/ ACB7 B67F 197F 9B32 1533 431C AC90 AC3E C524 065E

Attachment: signature.asc
Description: PGP signature

Reply to:

Prev by Date: Re: nss security update package ready for review
Next by Date: Re: nss security update package ready for review
Previous by thread: Re: Versioning of new releases in (old)stable (Was: nss security update package ready for review)
Next by thread: LTS Report for November 2016
Index(es):
- Date
- Thread