[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

April Report


April 2017 was my eighth month as a payed Debian LTS contributor.

I was allocated 15.5 hours. I spent all of them doing the following

* Prepare, test and upload a security update for potrace
  (1.10-1+deb7u2) fixing CVE-2016-8685.

* Prepare, test and upload a security update for partclone
  (0.2.48-1+deb7u1) fixing CVE-2017-6596.

Both issues required extensive debugging (see ML for potrace),
specific test-environment setup (partclone CVE only reproducible on
i386) and non-trivial modifications to the upstream patch, which
explains the high amount of hours spent to fix only two CVEs.

Best Regards,

             Hugo Lefeuvre (hle)    |    www.owl.eu.com
4096/ ACB7 B67F 197F 9B32 1533 431C AC90 AC3E C524 065E

Attachment: signature.asc
Description: PGP signature

Reply to: