Hi,
Here is my LTS report for November.
I was allocated 15 hours. I have spent all of them in the following
tasks:
* openjpeg2:
Continue my investigations on CVE-2018-18088, finish patch and get it
reviewed by upstream (actually merged). Triage CVE-2018-5785 as not
affecting Jessie (vulnerable code introduced later).
Prepare a jessie security upload including my work from the previous
months, test and upload it (DLA 1579-1).
Investigate CVE-2018-6616 and start developing a patch addressing this
issue. See upstream bug report.
* liblivemedia:
Prepare, test and upload security update addressing CVE-2018-4013
(DLA 1582-1). Upload was also done for Stretch.
* libtiff:
Investigate CVE-2018-19210, prepare a patch addressing this issue.
Still waiting for review from upstream, see
https://gitlab.com/libtiff/libtiff/merge_requests/47
* libsndfile:
Take a look at the state of older CVEs, looks like some of them triaged
no-dsa might be worth an upload. Assess their reproducibility, add to
dla-needed and start preparing upload.
* misc:
+ test and review Santiago's QEMU upload.
https://lists.debian.org/debian-lts/2018/11/msg00125.html
Best Regards,
Hugo
--
Hugo Lefeuvre (hle) | www.owl.eu.com
RSA4096_ 360B 03B3 BF27 4F4D 7A3F D5E8 14AA 1EB8 A247 3DFD
ed25519_ 37B2 6D38 0B25 B8A2 6B9F 3A65 A36F 5357 5F2D DC4C
Attachment:
signature.asc
Description: PGP signature