August Report


August 2017 was my 12th month as a paid Debian LTS contributor.

I was allocated 14 hours. I have spent all of them doing the following:

 * Investigate various CVEs in lame.

   These CVEs are especially difficult to reproduce because wheezy's gcc
   doesn't have asan and reproduction conditions might require a specific

   I initially wrote a patch for CVE-2017-11720 before discovering that
   this CVE was a duplicate of an issue we already fixed in Debian.

   Despite all my efforts I couldn't reproduce CVE-2017-98{69-72} yet.
   I've reported them to upstream and hope to reproduce and fix them next

 * Prepare a security update for clamav fixing CVE-2017-6420 and
   CVE-2017-6418. I'm currently testing it, but the upstream fix for
   CVE-2017-6420 breaks a test. Currently investigating the issue.

 * Have a look at mysql-connector-python, finally decide to wait for more

 * Various CVE Triage for mupdf.

 * Review Diego's work on libav. Ongoing work.

