Hi,
April 2017 was my eighth month as a paid Debian LTS contributor.
I was allocated 15.5 hours. I spent all of them doing the following
tasks:
* Prepare, test and upload a security update for potrace
(1.10-1+deb7u2) fixing CVE-2016-8685.
* Prepare, test and upload a security update for partclone
(0.2.48-1+deb7u1) fixing CVE-2017-6596.
Both issues required extensive debugging (see ML for potrace),
specific test-environment setup (partclone CVE only reproducible on
i386) and non-trivial modifications to the upstream patch, which
explains the high amount of hours spent to fix only two CVEs.
Best Regards,
Hugo
--
Hugo Lefeuvre (hle) | www.owl.eu.com
4096/ ACB7 B67F 197F 9B32 1533 431C AC90 AC3E C524 065E