
LTS report for March 2019 - Abhijith PA



March 2019 was my 14th month as a Debian LTS paid contributor. I was
assigned 14 hours and I spent all of them on the following:

 * otrs: Fixed CVE-2019-9752, tested and uploaded[1]

 * wordpress: New version uploaded to fix CVE-2019-8942, CVE-2019-9787
   and released DLA[2]. Backporting fixes is not an option for
   wordpress. There is no neat description regarding the fixes, nor any
   reply from upstream developers.

 * ruby2.1: Fixed a couple of vulnerabilities in the rubygems in ruby2.1
   and released DLA[3]

 * mumble: regression reported[4]. A new build was made, which the
   maintainer helped in testing with the researcher's PoC, but it is
   still susceptible to DoS. Will prepare an update with the latest
   version in its point release.

 * jruby: the same rubygems vulnerability also affects jruby.
   Currently jruby in jessie is FTBFS. Working on fixing it and
   the remaining issues.


Regards
Abhijith PA

[1] - https://lists.debian.org/debian-lts-announce/2019/03/msg00023.html
[2] - https://lists.debian.org/debian-lts-announce/2019/03/msg00044.html
[3] - https://lists.debian.org/debian-lts-announce/2019/03/msg00037.html
[4] - https://github.com/mumble-voip/mumble/issues/3605