
January Report



Hi,

Here is my LTS report for January.

I was allocated 20 hours. I have spent all of them on the following
tasks:

* libsndfile:

  + Analyse upstream patch for CVE-2018-19758. Prepare, test and upload
    security update addressing this issue (DLA-1632-1)

* qemu:

  + Investigate CVE-2018-19665, produce a trimmed down version of upstream
    patch[0]. Not uploaded yet, I am still discussing what I consider to be
    issues in the patch, and Philippe Mathieu-Daudé from RedHat is planning
    to release an updated version soon[1].

  + Prepare, test and upload a security update addressing CVE-2018-17958,
    CVE-2018-19489 and CVE-2018-19364 (DLA-1646-1)

* aria2:

  + Analyse, reproduce CVE-2019-3500, backport patch, test and upload it
    (DLA-1636-1)

* libpng:

  + Analyse CVE-2019-6129 and mark it ignored, see my post on upstream's
    bug report.

* openjpeg2:

  + Analyse CVE-2018-5727 and mark it <ignored> in jessie. After discussion
    with the security team decide to mark it unimportant in all suites.

* tmpreaper:

  + Analyse CVE-2019-3461, backport stretch update to jessie (DLA-1640-1)

* phpmyadmin:

  + Review Lucas' update, issues in table creation.

* faad2:

  + Start working on patches. Nothing online yet, this is likely to take a
    few weeks since there are many issues and patches have to be written
    from scratch.

Best Regards,
 Hugo

[0] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=916278
[1] https://lists.debian.org/debian-lts/2019/01/msg00071.html

--
                Hugo Lefeuvre (hle)    |    www.owl.eu.com
RSA4096_ 360B 03B3 BF27 4F4D 7A3F D5E8 14AA 1EB8 A247 3DFD
ed25519_ 37B2 6D38 0B25 B8A2 6B9F 3A65 A36F 5357 5F2D DC4C
