[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

LTS report for March 2018 - Abhijith PA

This is my second month as a Debian LTS paid contributor. I was assigned
8hours and I spend all of it for the following.

* golang: Continued my work on Backporting CVE-2018-7187.
  Thanks to Chris Lamb for uploading and releasing DLA[1]

* zsh: Backport CVE-2014-10070, CVE-2014-10071, CVE-2014-10072,
  CVE-2016-10714, CVE-2017-18206. Test, upload (and released DLA[2] by
  Chris Lamb)

* graphite2: Initial Plan was to backport CVE-2018-7999 and worked on
  it. But later decided to tag it as 'no-DSA' to follow security team.

* uwsgi: Investigated on CVE-2018-7490 and later decided not to upload
  as it is not affecting wheezy without the uwsgi-plugin-php. Thanks to
  Gero Treuner for the patch and review.

* libvncserver: Backport CVE-2018-7225, test and release DLA[3].
  Thanks to Lundqvist for uploading.

In my volunteer time I also prepared a security update for
phpmyadmin[4][5] in oldstable, but no feedback yet. If someone could
review and upload, it will be great.


[1] https://lists.debian.org/debian-lts-announce/2018/02/msg00029.html
[2] https://lists.debian.org/debian-lts-announce/2018/03/msg00007.html
[3] https://lists.debian.org/debian-lts-announce/2018/03/msg00035.html
[5] test instance running my buid:
(pm me for credentials)

Reply to: