LTS report for March 2018 - Abhijith PA

To: Debian LTS <debian-lts@lists.debian.org>
Subject: LTS report for March 2018 - Abhijith PA
From: Abhijith PA <abhijith@disroot.org>
Date: Sun, 1 Apr 2018 10:54:50 +0530
Message-id: <[🔎] 84bee189-de2e-52c4-233c-db033b5ae5e9@disroot.org>

This is my second month as a Debian LTS paid contributor. I was assigned
8hours and I spend all of it for the following.

* golang: Continued my work on Backporting CVE-2018-7187.
  Thanks to Chris Lamb for uploading and releasing DLA[1]

* zsh: Backport CVE-2014-10070, CVE-2014-10071, CVE-2014-10072,
  CVE-2016-10714, CVE-2017-18206. Test, upload (and released DLA[2] by
  Chris Lamb)

* graphite2: Initial Plan was to backport CVE-2018-7999 and worked on
  it. But later decided to tag it as 'no-DSA' to follow security team.

* uwsgi: Investigated on CVE-2018-7490 and later decided not to upload
  as it is not affecting wheezy without the uwsgi-plugin-php. Thanks to
  Gero Treuner for the patch and review.

* libvncserver: Backport CVE-2018-7225, test and release DLA[3].
  Thanks to Lundqvist for uploading.



In my volunteer time I also prepared a security update for
phpmyadmin[4][5] in oldstable, but no feedback yet. If someone could
review and upload, it will be great.


--abhijith

[1] https://lists.debian.org/debian-lts-announce/2018/02/msg00029.html
[2] https://lists.debian.org/debian-lts-announce/2018/03/msg00007.html
[3] https://lists.debian.org/debian-lts-announce/2018/03/msg00035.html
[4]
https://mentors.debian.net/debian/pool/main/p/phpmyadmin/phpmyadmin_4.2.12-2+deb8u3.dsc
[5] test instance running my buid: http://159.65.202.84:9001/phpmyadmin/
(pm me for credentials)

Reply to:

Next by Date: Re: [SECURITY] [DLA 1334-1] mosquitto security update
Next by thread: Re: [SECURITY] [DLA 1334-1] mosquitto security update
Index(es):
- Date
- Thread