LTS report for July 2018 - Abhijith PA
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
July 2018 was my sixth month as a Debian LTS paid contributor. I was
assigned 12 hours (10 plus 2 hours carried from last month).
I have spent these hours on;
* ant: Backported CVE-2018-10886, TEMP-0904191-9063D5 tested and
released DLA[1][2]. Thanks to Roberto C. Sánchez for uploading.
* policykit-1: Backported CVE-2018-1116 from upstream and tested.
Thanks to Chris Lamb for uploading and releasing DLA[3].
* ansible: Marked CVE-2018-10874 as not-affected and CVE-2018-10875 as
no-dsa.
* libspring-java: Triaging the remaining CVEs. Pending fixes will be
uploaded in coming days.
* twig: Working on CVE-2018-13818. Contacted the exploit author for the
POC clarity.
- --Abhijith PA
[1] - https://lists.debian.org/debian-lts-announce/2018/07/msg00023.html
[2] - https://lists.debian.org/debian-lts-announce/2018/08/msg00004.html
[3] - https://lists.debian.org/debian-lts-announce/2018/07/msg00042.html
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEE7xPqJqaY/zX9fJAuhj1N8u2cKO8FAltrf1sACgkQhj1N8u2c
KO80rg//WiqYRgz7VFGieFIvsiUSp9RfnM9W7HRoVPhsgLcTLP/fbv+N2L9lE8jb
Uuzf/vbu8Gn7Qm3zRuNEkdixE5rOjykclKkv3klXEIS65SNLDlv7tu0cH0OILNtA
Tp1f77Wsi8vTTf7tV2dcLUMAO6at0dfJHjEwNfyR5FaWB1X6h30sDrPvZK8Za47Q
jdkK5haAOjyS/1nq+LFt/2kp0XN5dPGXIXUqNmoHP5BkKpqLlpkIXTE4woDVhc4+
0qKsGP450/Igrqx+eu0ZhvYNb4rKyF41u6AEmoEGI12KHJ0LhFDroYls41BTXv/b
adJasopgD7vwRgsk/x+18OEQQBt1EBOTxcIIA9Tiexmp5C1l1RJTgxNkLk/fKmy0
/NhPOGWfTOTWLjh0nQ/mw0b6awCEB5PTDSvoW81oQP1Oe/5frGDtUcmh4a/KJ+Dd
7hHKE1yxHxNoJlyTgXqnaydT/HnN8mhKrYuoneju1CpyD4facyWr8Kyh6Gg8caWS
7ekNSqf5ybSkN6Od2gRt2VLSTZ5QM0CCyzIBUQ9jRTcKg4Meg7cflYLeZT5Iig9/
A+z0SBiSFYo6yhDWmLTMY2Djnf+/rC8Y/EkCPYOCro37KNhXrO9XOh8PmayABBqH
gd/kRszaSJKceID/eKWg9tBT6UvzXziKTJ7xMJSTbmJFfXz7kP0=
=Z3uA
-----END PGP SIGNATURE-----
Reply to: