Hi,
Here is my LTS report for February.
I was allocated 20 hours. I have spent all of them on the following
tasks:

* faad2:
  + Work on a patch for CVE-2018-20362. That was quite time consuming, the
    issue is tightly bound to some very specific parts of the AAC standard
    which is not exactly trivial. I have submitted a patch proposal and
    am currently waiting for some feedback from upstream. See upstream bug
    report.
* liblivemedia:
  + Prepare, test and upload a security update addressing CVE-2019-7314 and
    CVE-2019-6256 (DLA-1690-1).
* qemu:
  + Investigation and triage of CVE-2018-16867, CVE-2019-3812 and CVE-2019-6501.
  + Take a last look at CVE-2018-19665 and mark it postponed since the final
    patch might take some time to come out and the issue is not that critical
    anyways.
  + Prepare, test and upload a security update addressing CVE-2019-6778,
    CVE-2018-16872 and CVE-2018-12617 (DLA-1694-1).
* sssd:
  + Investigate CVE-2018-16838. I will publish the results soon.
* sox:
  + Prepare, test and upload a security update addressing CVE-2017-15370,
    CVE-2017-15372, CVE-2017-18189 and CVE-2017-15642 (DLA 1695-1).
* cairo:
  + Review current CVEs. All of them are small, not very practice-relevant
    crashes with low security implications. Mark them no-dsa.
* kde4libs:
  + Start to work on CVE-2019-7443, but I didn't have much time remaining
    for that. To be continued in March.
* tiff:
  + Review Brian's work, cf. mailing list.

Best Regards,
Hugo
--
Hugo Lefeuvre (hle) | www.owl.eu.com
RSA4096_ 360B 03B3 BF27 4F4D 7A3F D5E8 14AA 1EB8 A247 3DFD
ed25519_ 37B2 6D38 0B25 B8A2 6B9F 3A65 A36F 5357 5F2D DC4C