[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

November Report


Here is my LTS report for November.

I was allocated 15 hours. I have spent all of them in the following

* openjpeg2:

  Continue my investigations on CVE-2018-18088, finish patch and get it
  reviewed by upstream (actually merged). Triage CVE-2018-5785 as not
  affecting Jessie (vulnerable code introduced later).

  Prepare a jessie security upload including my work from the previous
  months, test and upload it (DLA 1579-1).

  Investigate CVE-2018-6616 and start developing a patch addressing this
  issue. See upstream bug report.

* liblivemedia:

  Prepare, test and upload security update addressing CVE-2018-4013
  (DLA 1582-1). Upload was also done for Stretch.

* libtiff:

  Investigate CVE-2018-19210, prepare a patch addressing this issue.
  Still waiting for review from upstream, see

* libsndfile:

  Take a look at the state of older CVEs, looks like some of them triaged
  no-dsa might be worth an upload. Assess their reproducibility, add to
  dla-needed and start preparing upload.

* misc:

  + test and review Santiago's QEMU upload.

Best Regards,

                Hugo Lefeuvre (hle)    |    www.owl.eu.com
RSA4096_ 360B 03B3 BF27 4F4D 7A3F D5E8 14AA 1EB8 A247 3DFD
ed25519_ 37B2 6D38 0B25 B8A2 6B9F 3A65 A36F 5357 5F2D DC4C

Attachment: signature.asc
Description: PGP signature

Reply to: