[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

LTS Activity Report for December 2017

during December I worked 13.5 of the allocated 13.5 hours (11h + 2.5h
from previous months) on LTS. During this time I did the following:

* libvorbis: The plan was to get this resolved in December but although
  the fixes for CVE-2017-14632 and CVE-2017-14633 were applied upstream
  now my patch for CVE-2017-14160 is still without comments and I'm not
  yet sure about the root cause. So I spent some more time on this but
  will have to look into this again in January.

* Triaged 4 QEMU CVEs and marked them as postponed since they can
  be updated when more serious issues pile up.

* Triaged some XEN CVEs and handled the communication with Credativ.

* Tested lts-bts script again and committed it to the secure-testing
  repository (since nobody objected).

* Prepared and released DLA-1221-1 and DLA-1222-1 fixing CVE-2017-17405 and
  CVE-2017-17790 in ruby1.8 and ruby1.9.1.

* Prepared and released DLA-1223-1 to fix several issues in Thunderbird
  formerly known as Icedove.

* Updated some LTS related scripts to continue to work after the
  security-tracker's SVN→Git migration and helped Salvatore a bit with
  the actual migration (although most of this was done on non-LTS time).

 -- Guido

Reply to: