
February Report



Hi,

Here is my LTS report for February.

I was allocated 20 hours. I have spent all of them on the following
tasks:

* faad2:

  + Work on patch for CVE-2018-20362. That was quite time consuming, the
    issue is tightly bound to some very specific parts of the AAC standard
    which is not exactly trivial. I have submitted a patch proposal and
    am currently waiting for some feedback from upstream. See upstream bug
    report.

* liblivemedia:

  + Prepare, test and upload a security update addressing CVE-2019-7314 and
    CVE-2019-6256 (DLA-1690-1).

* qemu:

  + Investigation and triage of CVE-2018-16867, CVE-2019-3812 and CVE-2019-6501.
  + Take a last look at CVE-2018-19665 and mark it postponed since the final
    patch might take some time to come out and the issue is not that critical
    anyways.
  + Prepare, test and upload a security update addressing CVE-2019-6778,
    CVE-2018-16872 and CVE-2018-12617 (DLA-1694-1).

* sssd:

  + Investigate CVE-2018-16838. I will publish the results soon.

* sox:

  + Prepare, test and upload a security update addressing CVE-2017-15370,
    CVE-2017-15372, CVE-2017-18189 and CVE-2017-15642 (DLA 1695-1).

* cairo:

  + Review current CVEs. All of them are small, not very practice-relevant crashes
    with low security implications. Mark them no-dsa.

* kde4libs:

  + Start to work on CVE-2019-7443, but I didn't have much time remaining
    for that. To be continued in March.

* tiff:

  + Review Brian's work, cf. mailing list.

Best Regards,
 Hugo

--
                Hugo Lefeuvre (hle)    |    www.owl.eu.com
RSA4096_ 360B 03B3 BF27 4F4D 7A3F D5E8 14AA 1EB8 A247 3DFD
ed25519_ 37B2 6D38 0B25 B8A2 6B9F 3A65 A36F 5357 5F2D DC4C
