LTS report for July 2018 - Abhijith PA

To: Debian LTS <debian-lts@lists.debian.org>
Subject: LTS report for July 2018 - Abhijith PA
From: Abhijith PA <abhijith@disroot.org>
Date: Thu, 9 Aug 2018 05:10:16 +0530
Message-id: <[🔎] 9c44ff1f-a01a-83b1-1fa9-8a3f2648b553@disroot.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

July 2018 was my sixth month as a Debian LTS paid contributor. I was
assigned 12 hours (10 plus 2 hours carried from last month).

I have spent these hours on;


 * ant: Backported CVE-2018-10886, TEMP-0904191-9063D5 tested and
   released DLA[1][2]. Thanks to Roberto C. Sánchez for uploading.

 * policykit-1: Backported CVE-2018-1116 from upstream and tested.
   Thanks to Chris Lamb for uploading and releasing DLA[3].

 * ansible: Marked CVE-2018-10874 as not-affected and CVE-2018-10875 as
   no-dsa.

 * libspring-java: Triaging the remaining CVEs. Pending fixes will be
   uploaded in coming days.

 * twig: Working on CVE-2018-13818. Contacted the exploit author for the
   POC clarity.


- --Abhijith PA

[1] - https://lists.debian.org/debian-lts-announce/2018/07/msg00023.html
[2] - https://lists.debian.org/debian-lts-announce/2018/08/msg00004.html
[3] - https://lists.debian.org/debian-lts-announce/2018/07/msg00042.html
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEE7xPqJqaY/zX9fJAuhj1N8u2cKO8FAltrf1sACgkQhj1N8u2c
KO80rg//WiqYRgz7VFGieFIvsiUSp9RfnM9W7HRoVPhsgLcTLP/fbv+N2L9lE8jb
Uuzf/vbu8Gn7Qm3zRuNEkdixE5rOjykclKkv3klXEIS65SNLDlv7tu0cH0OILNtA
Tp1f77Wsi8vTTf7tV2dcLUMAO6at0dfJHjEwNfyR5FaWB1X6h30sDrPvZK8Za47Q
jdkK5haAOjyS/1nq+LFt/2kp0XN5dPGXIXUqNmoHP5BkKpqLlpkIXTE4woDVhc4+
0qKsGP450/Igrqx+eu0ZhvYNb4rKyF41u6AEmoEGI12KHJ0LhFDroYls41BTXv/b
adJasopgD7vwRgsk/x+18OEQQBt1EBOTxcIIA9Tiexmp5C1l1RJTgxNkLk/fKmy0
/NhPOGWfTOTWLjh0nQ/mw0b6awCEB5PTDSvoW81oQP1Oe/5frGDtUcmh4a/KJ+Dd
7hHKE1yxHxNoJlyTgXqnaydT/HnN8mhKrYuoneju1CpyD4facyWr8Kyh6Gg8caWS
7ekNSqf5ybSkN6Od2gRt2VLSTZ5QM0CCyzIBUQ9jRTcKg4Meg7cflYLeZT5Iig9/
A+z0SBiSFYo6yhDWmLTMY2Djnf+/rC8Y/EkCPYOCro37KNhXrO9XOh8PmayABBqH
gd/kRszaSJKceID/eKWg9tBT6UvzXziKTJ7xMJSTbmJFfXz7kP0=
=Z3uA
-----END PGP SIGNATURE-----

Reply to:

Prev by Date: Re: Checking for regressions after the release of a DLA
Next by Date: Re: twitter-bootstrap / CVE-2018-14040 / CVE-2018-14041 / CVE-2018-14042
Previous by thread: Re: Checking for regressions after the release of a DLA
Next by thread: src:wpa overlap in Debian LTS?
Index(es):
- Date
- Thread