[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

LTS report for September 2018 - Abhijith PA



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512



( Re-sending the report )


September 2018 was my 8th month as a Debian LTS paid contributor. I was
assigned 15 (10 + 5 hours carried from last month) hours but I only
able to do 11. I am carrying rest to next month.

I have spent these hours on;

 * mupdf: investigated CVE-2018-16647, CVE-2018-16648. Though codebase
   look almost similar. Couldn't reproduce given POC and marked as
   ignored.

 * sympa: Fixed CVE-2018-1000671 and released DLA[1].

 * activemq: Investigated on CVE-2018-11775, which was about enabling
   SSL and backporting such feature to very old codebase seems hard.
   Thus marked as no-dsa.

 * otrs2: Fixed CVE-2018-16586, CVE-2018-16587 and released DLA[2].

 * mgetty: Just released DLA[3] for the update prepared and uploaded by
   Andreas Barth.

 * strongswan: Fixed CVE-2018-16151, CVE-2018-16152 and released DLA[4].

 * jekyll: Prepared update for CVE-2018-17567.


Thanks to Markus Koschany and Roberto C. Sánchez for uploading the fixes
.


Regards.
Abhijith PA

[1]- https://lists.debian.org/debian-lts-announce/2018/09/msg00023.html
[2]- https://lists.debian.org/debian-lts-announce/2018/09/msg00033.html
[3]- https://lists.debian.org/debian-lts-announce/2018/09/msg00012.html
[4]- https://lists.debian.org/debian-lts-announce/2018/09/msg00032.html
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEE7xPqJqaY/zX9fJAuhj1N8u2cKO8FAlvBWTMACgkQhj1N8u2c
KO9ZLBAAj6Z64PemUS0toWJ1Yl9RbvPMl7h80fa9Sg9Wc2ZF4QhuTYEBP4PE6WN6
7+vCnv93nwccNVfLCUo1Bpqvoj2rzTZqJr7Pk2omX40YTdZRVjvQLyWZ24f47iOm
5FgsMSF5VvGZ+GS1SsCYagIjpuSFH8Uyazq6XR62ce6oEL4kyO4dLdRaPr+/YxBC
9K4NioxRw5wq64nx2PtlKodGbYVhM0qDmAxV1BkMLT7YiaJQMCprj47Cx3LEeWG6
PAN91bRgaVAFyKfQeM4OI7G0PIxAJ8C8vP/JcHaZ2kO4h4E3Yr47lDttEEaPx2Bf
VnFI+JuKzvd7WQqNYWzZgjCxnwTTIH/sgp4CYIqduymtd+wqUMt7mez4e3HCs+FU
jktC/fL7TcSQrc3LxYSBLEKBx6fRm4tJMFJOqFtLcKNDyMkO7rwTRskwgAdT3woq
dvcWzx0T1xbxrfzoJgFSWcE6jOpu5Pcr05JoG9MVVmSGyeAhR+/0WK+34rODvNoG
3n4nYkyDH8qzE68/R6AKk7Rb/ryMmpLL+Kuq9MHek2+IgBrOWNS8NCJE4Y462T4w
YKMuREs9rh3Yyo+dDXJWy0Sq+KzcY9gY5i8gFqUX+w7ZD6UYMQ/SXX4tmpVw0LWr
2fSac7ECRnWdh/Dv+8bq8TYXkBPazb4INqVWIUrIe4tE7FRN8WA=
=Azoz
-----END PGP SIGNATURE-----


Reply to: