LTS/ELTS Report for September 2018

To: debian-lts@lists.debian.org
Subject: LTS/ELTS Report for September 2018
From: Roberto C. Sánchez <roberto@debian.org>
Date: Mon, 1 Oct 2018 12:29:43 -0400
Message-id: <[🔎] 20181001162943.pd4xofavorx5l7ni@santiago.connexer.com>
Mail-followup-to: Roberto C. Sánchez <roberto@debian.org>, debian-lts@lists.debian.org

For September I spent 15 hours on the following LTS tasks:

- qemu: triage/investigate CVE-2017-11334, CVE-2018-12617,
  CVE-2018-15746 (all were deferred)
- ghostscript: CVE-2018-16543 (I made an attempt at a fix but ended up
  turning it back over to Markus, who was able to complete a fix)
- php5: CVE-2018-17082 (prepared an update from the new upstream release
  5.6.38)
- sympa: review and upload an update for CVE-2018-1000671 by Abhijith PA
- imagemagick: CVE-2018-16329, CVE-2018-16412, CVE-2018-16413,
  CVE-2018-16642, CVE-2018-14551, CVE-2018-16643 (there are still more
  CVEs to address in the next upload; I will continue working on those)

I also spent 16 hours on the following ELTS tasks:

- mupdf: triage/investigate CVE-2018-16647, CVE-2018-16648 (both were
  N/A)
- openssh: CVE-2018-15473, prepared an update and a regression update
  following reports of problems with the initial update
- lcms/lcms2: CVE-2018-16435, prepared updates for both packages
- php5: CVE-2018-17082, backported patch from 5.6.38 and prepared update
- nss: CVE-2018-12384, backported upstream patch and now waiting on
  upstream bug to become public for access to a reproducer to confirm
  the fix

Regards,

-Roberto

-- 
Roberto C. Sánchez

Reply to:

Prev by Date: Re: Bug#909999: ghostscript (via pdf2ps) crashes on most inputs following upgrade to 9.06~dfsg-2+deb8u9
Next by Date: Re: Gnutls investigation and request for advice for Jessie
Previous by thread: Re: Bug#909999: ghostscript (via pdf2ps) crashes on most inputs following upgrade to 9.06~dfsg-2+deb8u9
Next by thread: Re: Gnutls investigation and request for advice for Jessie
Index(es):
- Date
- Thread