Hi,
April 2018 was my 20th month as a payed Debian LTS contributor.
I was allocated 20.5 hours. I have spent all of them in the following
tasks:
* Continue my Ming work:
- Finish to prepare patch for ming issue #121, test it and get it
merged. Also ask for CVE number. (2.5h)
- Prepare, test and upload ming 1:0.4.4-1.1+deb7u8 (DLA 1343-1).
This upload was fairly long to test since it ships more than
eight fixes, including all patches from last month and the one
for issue #121.
* Continue my tiff and tiff3 work:
- Finish patch for CVE-2018-7456 and get it merged by upstream.
- Prepare, test and upload tiff 4.0.2-6+deb7u19 and
tiff3 3.9.6-11+deb7u10 (DLA 1346-1, DLA 1347-1).
- Try to reproduce CVE-2018-8905, investigate, and start to prepare
a patch addressing it. These investigations required a very large
amount of work, lots of specification reading (TIFF, LZW) and
debugging. You can find a good summary of my investigations on the
Debian bug report. I have a patch draft which I hope to be able to
submit in the next days.
Next month I intend to finish my tiff work and dedicate as many hours as
possible to libav.
Best Regards,
Hugo
--
Hugo Lefeuvre (hle) | www.owl.eu.com
4096/ 9C4F C8BF A4B0 8FC5 48EB 56B8 1962 765B B9A8 BACA
Attachment:
signature.asc
Description: PGP signature