LTS Activity Report for December 2017
During December I worked 13.5 of the allocated 13.5 hours (11h + 2.5h
from previous months) on LTS. During this time I did the following:
* libvorbis: The plan was to get this resolved in December, but although
the fixes for CVE-2017-14632 and CVE-2017-14633 are now applied
upstream, my patch for CVE-2017-14160 is still without comments and I'm
not yet sure about the root cause. So I spent some more time on this but
will have to look into this again in January.
* Triaged 4 QEMU CVEs and marked them as postponed since they can
be updated when more serious issues pile up.
* Triaged some Xen CVEs and handled the communication with Credativ.
* Tested lts-bts script again and committed it to the secure-testing
repository (since nobody objected).
* Prepared and released DLA-1221-1 and DLA-1222-1 fixing CVE-2017-17405 and
CVE-2017-17790 in ruby1.8 and ruby1.9.1.
* Prepared and released DLA-1223-1 to fix several issues in Thunderbird,
formerly known as Icedove.
* Updated some LTS-related scripts to continue to work after the
security-tracker's SVN→Git migration and helped Salvatore a bit with
the actual migration (although most of this was done on non-LTS time).