[re-sending report, was not properly archived]
Hi,
Here is my (E)LTS report for September.
---
LTS
I was allocated 10 hours. I have spent all of them in the following
tasks:
* 389-ds work:
Triage CVE-2018-14638, not affecting Jessie. Investigate CVE-2018-14624,
which affects Jessie. Backport patch, test and upload it.
* openjpeg2 work:
Reproduce and investigate CVE-2018-5785, write a patch, get feedback
from upstream (patch was merged in the master) and backport it for
Jessie. Not uploaded yet, this patch will be included in a more
substancial upload this month.
----
ELTS
I was allocated 6 hours. I have spent 2.75 of them in the following
tasks:
* tiff3 work:
Mark CVE-2018-17101, CVE-2018-17100 and CVE-2018-17000 <ignored>.
Mark CVE-2018-15209 and CVE-2018-16335 <postponed> (I have tried to
investigate the issues and develop a patch but couldn't reproduce the
issues properly on my system. Also, I discovered that recent fixes made
exploit and reproduction even harder. After spending some time on it
I decided to just postpone them and wait for a patch from upstream).
Best Regards,
Hugo
--
Hugo Lefeuvre (hle) | www.owl.eu.com
RSA4096_ 360B 03B3 BF27 4F4D 7A3F D5E8 14AA 1EB8 A247 3DFD
ed25519_ 37B2 6D38 0B25 B8A2 6B9F 3A65 A36F 5357 5F2D DC4C
Attachment:
signature.asc
Description: PGP signature