[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

September Report

[re-sending report, was not properly archived]


Here is my (E)LTS report for September.


I was allocated 10 hours. I have spent all of them in the following

* 389-ds work:

  Triage CVE-2018-14638, not affecting Jessie. Investigate CVE-2018-14624,
  which affects Jessie. Backport patch, test and upload it.

* openjpeg2 work:

  Reproduce and investigate CVE-2018-5785, write a patch, get feedback
  from upstream (patch was merged in the master) and backport it for
  Jessie. Not uploaded yet, this patch will be included in a more
  substancial upload this month.


I was allocated 6 hours. I have spent 2.75 of them in the following

* tiff3 work:

  Mark CVE-2018-17101, CVE-2018-17100 and CVE-2018-17000 <ignored>.
  Mark CVE-2018-15209 and CVE-2018-16335 <postponed> (I have tried to
  investigate the issues and develop a patch but couldn't reproduce the
  issues properly on my system. Also, I discovered that recent fixes made
  exploit and reproduction even harder. After spending some time on it
  I decided to just postpone them and wait for a patch from upstream).

Best Regards,

                Hugo Lefeuvre (hle)    |    www.owl.eu.com
RSA4096_ 360B 03B3 BF27 4F4D 7A3F D5E8 14AA 1EB8 A247 3DFD
ed25519_ 37B2 6D38 0B25 B8A2 6B9F 3A65 A36F 5357 5F2D DC4C

Attachment: signature.asc
Description: PGP signature

Reply to: