Hi, during August I worked 10 of the allocated 10 hours on LTS. During this time I did the following: - Triaged 10+ Xen XSAs and forwarded the results to credativ so they can prepare an updated package. - Triaged sevaral qemu CVEs and released DLA-1070-1 and DLA-1071-1 to fix the ones that affect Wheezy in qemu-kvm and qemu by backporting the upstream patches. Triaged more CVEs towards the end of the month. - Look into CVE-2017-7526 and release DLA-1080-1 to fix this in gnupg by applying the upstream patches. Also prepared an upload for Jessie. - Investigated libdbd-mysql-perl CVEs (#866821 and #866818), pinged upstream that reverted an already applied patch for one of them and added clarifications to the BTS. - Prepared patches for tcpdump CVEs CVE-2017-11541 and CVE-2017-11542 and sent them upstream. CVE-2017-11543 was not reproducible on either Wheezy or Stretch. - Prepared thunderbird 52.3 for wheezy. Upload is pending an enigmail update. Cheers, -- Guido
Attachment:
signature.asc
Description: PGP signature