[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

December Report


December 2017 was my 16th month as a payed Debian LTS contributor.

I was allocated 14 hours. I have spent all of them doing the following

* Finish to debug ming CVE-2017-11732 and write a patch addressing this

  Merged upstream. Will be integrated in the next upload
  (wait for CVE-2017-16898).

* Finish to debug ming CVE-2017-16898 and write a patch addressing this

  Patch not submitted yet, waiting for some testing. Should be done next

 * libav support in wheezy:

   Unfortunately, Diego Biurrun (who was handling libav support in
   Wheezy) could not take part to the libav efforts this month due
   to personal issues, so I had to take the reins. I managed to:

   + Investigate libav CVE-2015-8218: not affected

   + Investigate libav CVE-2015-8216.

     Even though I originally claimed this CVE to not affect Jessie and
     Wheezy, I'm still unable to clearly explain why and a doubt subsists. I
     am going to continue my investigations on this CVE next month.

   + Discover FPE in libav 0.8.21 and investigate it.

     I didn't have the time to find the issue behind this vulnerability. I
     am planning to investigate this issue further next month.

   The backlog is still very high (46 open/undetermined issues now).

Next month I am planning to finish my work on Ming and dedicate the rest
of my assigned hours to my libav related tasks.

Best Regards,

             Hugo Lefeuvre (hle)    |    www.owl.eu.com
4096/ 9C4F C8BF A4B0 8FC5 48EB 56B8 1962 765B B9A8 BACA

Attachment: signature.asc
Description: PGP signature

Reply to: