Hi, April 2018 was my 20th month as a payed Debian LTS contributor. I was allocated 20.5 hours. I have spent all of them in the following tasks: * Continue my Ming work: - Finish to prepare patch for ming issue #121, test it and get it merged. Also ask for CVE number. (2.5h) - Prepare, test and upload ming 1:0.4.4-1.1+deb7u8 (DLA 1343-1). This upload was fairly long to test since it ships more than eight fixes, including all patches from last month and the one for issue #121. * Continue my tiff and tiff3 work: - Finish patch for CVE-2018-7456 and get it merged by upstream. - Prepare, test and upload tiff 4.0.2-6+deb7u19 and tiff3 3.9.6-11+deb7u10 (DLA 1346-1, DLA 1347-1). - Try to reproduce CVE-2018-8905, investigate, and start to prepare a patch addressing it. These investigations required a very large amount of work, lots of specification reading (TIFF, LZW) and debugging. You can find a good summary of my investigations on the Debian bug report. I have a patch draft which I hope to be able to submit in the next days. Next month I intend to finish my tiff work and dedicate as many hours as possible to libav. Best Regards, Hugo -- Hugo Lefeuvre (hle) | www.owl.eu.com 4096/ 9C4F C8BF A4B0 8FC5 48EB 56B8 1962 765B B9A8 BACA
Attachment:
signature.asc
Description: PGP signature