Hi, Here is my LTS report for August 2019. I was allocated 30.5h. I have spent all of them in the following tasks: xymon: + Backport stretch security update to jessie, test it (DLA-1898-1). 389-ds-base: + Triage CVE-2019-10224: not affected in the end, but the situation was a bit messy and it took longer than expected. imagemagick: + Continue my triage work: this took *a lot* of time, for a variety of reasons: upstream does not provide clear security fixes, does not provide clear commit messages or any kind of information relative to changes. I have found additional security relevant issues in the source code and suggested a number of changes to upstream's patches. + Following the triage, prepare the security update (DLA-1888-1). libsdl2: + Triage work for CVE-2019-13616 and CVE-2019-13626: this also turned out to be longer than expected because upstream did not provide clear indications about which patch exactly fixed CVE-2019-13626. tika: + Triage work for recent CVEs, research upstream fixes and ask for confirmation. + Upload did not happen yet, because I encountered difficulties while backporting the patches to jessie. Furthemore, I could not clearly assess that jessie is affected. I am still actively working on this and plan to finish next month. clamav: + Work on clamav's zip bomb issue. Open bug report, triage. + Upload did not happen yet because I was waiting for Sebastian to release 0.101.4+dfsg-0+deb9u1. This happened today, so I expect to be able to release the jessie update tomorrow. faad2: + Review my previous work, investigate and prepare patches for a few more security issues, get them reviewed and merged by upstream. This includes *a lot* of triage work, non trivial debugging and requesting a CVE number for a temporary entry from our tracker. + The last patches have been reviewed and merged this morning, meaning that I will be able to release the jessie update in the next days. Otherwise, the usual triage. I kept an eye on hdf5. cheers, Hugo -- Hugo Lefeuvre (hle) | www.owl.eu.com RSA4096_ 360B 03B3 BF27 4F4D 7A3F D5E8 14AA 1EB8 A247 3DFD ed25519_ 37B2 6D38 0B25 B8A2 6B9F 3A65 A36F 5357 5F2D DC4C
Attachment:
signature.asc
Description: PGP signature