Hi,
May 2017 was my tenth month as a payed Debian LTS contributor.
I was allocated 15 hours. I spent all of them doing the following
tasks:
* Investigate CVE-2016-8686 in potrace. We finally decided to let
this issue no-dsa (low importance issue, hich patch complexity)
(https://lists.debian.org/debian-lts/2017/05/msg00032.html)
* Prepare and test a security update for apng2gif fixing CVE-2017-6960
(self written patch). Not uploaded yet, should be done soon. See
#854367.
* Coordinate with Diego Biurrun to handle the remaining CVEs affecting
libav.
This month again, both issues required extensive debugging, testing
and patch development (see ML and BTS for apng2gif), which explains
the high amount of hours spent on only two issues.
Best Regards,
Hugo
--
Hugo Lefeuvre (hle) | www.owl.eu.com
4096/ ACB7 B67F 197F 9B32 1533 431C AC90 AC3E C524 065E
Attachment:
signature.asc
Description: PGP signature