LTS/ELTS Report for November 2018

To: debian-lts@lists.debian.org
Subject: LTS/ELTS Report for November 2018
From: Roberto C. Sánchez <roberto@debian.org>
Date: Mon, 10 Dec 2018 22:17:39 -0500
Message-id: <[🔎] 20181211031738.aocrq6pvjax3qbvg@santiago.connexer.com>
Mail-followup-to: Roberto C. Sánchez <roberto@debian.org>, debian-lts@lists.debian.org

For November I spent 13.75 hours on the following LTS tasks:

- icu: triage CVE-2018-18928, vulnerable code was not present
- libapache-mod-jk: prepared update for CVE-2018-11759 which involved
  backporting new upstream release; upload pending guidance from
  maintianers and security team on corresponding uploads for stable and
  unstable
- symfony: multiple issues, backported patches to fix identified
  vulnerabilities; remaining task is to resolve build/unit test failures
  which likely depend on previous commits in history (i.e., identify
  those commits and add the necessary patches to the package)
- php5: CVE-2018-19518, worked on reproducing

I also spent 10 hours on the following ELTS tasks:

- icu: triage CVE-2018-18928, vulnerable code was not present
- libapache-mod-jk: prepared update for CVE-2018-11759 which involved
  backporting new upstream release; upload pending guidance from
  maintianers and security team on corresponding uploads for stable and
  unstable
- nss: CVE-2018-12384, contacted Mozilla Security Team and they made
  upstream bug report public; began working on reproducing vulnerability
- php5: CVE-2018-19518, worked on reproducing

Regards,

-Roberto

-- 
Roberto C. Sánchez

Reply to:

Prev by Date: Re: Addressing FreeRDP security issues in Debian jessie (and stretch)
Next by Date: Possible patch-backport problem for libphp-phpmailer (DLA-1591-1)
Previous by thread: Re: Addressing FreeRDP security issues in Debian jessie (and stretch)
Next by thread: Possible patch-backport problem for libphp-phpmailer (DLA-1591-1)
Index(es):
- Date
- Thread