Hi, April 2017 was my eighth month as a payed Debian LTS contributor. I was allocated 15.5 hours. I spent all of them doing the following tasks: * Prepare, test and upload a security update for potrace (1.10-1+deb7u2) fixing CVE-2016-8685. * Prepare, test and upload a security update for partclone (0.2.48-1+deb7u1) fixing CVE-2017-6596. Both issues required extensive debugging (see ML for potrace), specific test-environment setup (partclone CVE only reproducible on i386) and non-trivial modifications to the upstream patch, which explains the high amount of hours spent to fix only two CVEs. Best Regards, Hugo -- Hugo Lefeuvre (hle) | www.owl.eu.com 4096/ ACB7 B67F 197F 9B32 1533 431C AC90 AC3E C524 065E
Attachment:
signature.asc
Description: PGP signature