LTS Report for September

To: Debian LTS <debian-lts@lists.debian.org>
Subject: LTS Report for September
From: Brian May <brian@linuxpenguins.xyz>
Date: Sun, 24 Sep 2017 15:23:40 +1000
Message-id: <[🔎] 871smwfz4z.fsf@prune.linuxpenguins.xyz>

In September I spent 10 hours on the following tasks:

* Research security issues in various packages, such as Asterisk and
  samplesamplphp.
* Reproduce CVE-2017-14103 in graphicsmagic on Wheezy, Stretch, and
  Unstable. Note that stretch and Unstable are marked as fixed, but I am
  not entirely convinced this is correct, as the exploit fails in
  exactly the same way.
* Noticed that I could not initially reproduce CVE-2017-14103 on wheezy
  because it entered a busy read loop trying to read one byte at a time
  past EOF for a large number of bytes.
* Patched graphicsmagick to fix both above security issues, and uploaded
  a version and made available for testing.

I have not yet had a chance to look at CVE-2017-14504, will do so next
month.
--
Brian May <brian@linuxpenguins.xyz>
https://linuxpenguins.xyz/brian/

Reply to:

Prev by Date: Re: Wheezy update of mosquitto?
Next by Date: Wheezy update for lame
Previous by thread: Re: Wheezy update of mosquitto?
Next by thread: Wheezy update for lame
Index(es):
- Date
- Thread