LTS Activity Report for December 2017

To: debian-lts@lists.debian.org
Subject: LTS Activity Report for December 2017
From: Guido Günther <agx@sigxcpu.org>
Date: Tue, 2 Jan 2018 19:42:29 +0100
Message-id: <[🔎] 20180102184229.GA11856@bogon.m.sigxcpu.org>
Mail-followup-to: Guido Günther <agx@sigxcpu.org>, debian-lts@lists.debian.org

Hi,
during December I worked 13.5 of the allocated 13.5 hours (11h + 2.5h
from previous months) on LTS. During this time I did the following:

* libvorbis: The plan was to get this resolved in December but although
  the fixes for CVE-2017-14632 and CVE-2017-14633 were applied upstream
  now my patch for CVE-2017-14160 is still without comments and I'm not
  yet sure about the root cause. So I spent some more time on this but
  will have to look into this again in January.

* Triaged 4 QEMU CVEs and marked them as postponed since they can
  be updated when more serious issues pile up.

* Triaged some XEN CVEs and handled the communication with Credativ.

* Tested lts-bts script again and committed it to the secure-testing
  repository (since nobody objected).

* Prepared and released DLA-1221-1 and DLA-1222-1 fixing CVE-2017-17405 and
  CVE-2017-17790 in ruby1.8 and ruby1.9.1.

* Prepared and released DLA-1223-1 to fix several issues in Thunderbird
  formerly known as Icedove.

* Updated some LTS related scripts to continue to work after the
  security-tracker's SVN→Git migration and helped Salvatore a bit with
  the actual migration (although most of this was done on non-LTS time).

Cheers,
 -- Guido

Reply to:

Prev by Date: Re: Wheezy update of libhibernate-validator-java?
Next by Date: Re: Wheezy update of exiv2?
Previous by thread: Re: Wheezy update of exiv2?
Next by thread: LTS report for December
Index(es):
- Date
- Thread