Hi,

Here is my LTS report for October 2019.

I was allocated 46.5 hours (22.75h + 23.75h from last month). I have spent all of them in the following tasks:

clamav:
 + Backport 0.101.4+dfsg-0+deb9u1 to jessie in order to fix the Zip bomb issues (DLA-1953-1). This triggered an ABI transition, requiring additional uploads to dansguardian, havp, python-pyclamav and c-icap-modules.

   Note: tests were long, especially regarding c-icap-modules because I stumbled across a variety of bugs. I even needed to fix a Debian packaging bug in order to test the package properly.

   This update/transition was not trivial and a regression was found:
   - https://alioth-lists.debian.net/pipermail/pkg-clamav-devel/2019-October/007497.html

   I addressed this issue in DLA-1953-2.

openjpeg2:
 + Triage CVE-2018-21010. Prepare, test and upload a jessie update addressing this issue (DLA-1950-1). Prepare, test and submit a stretch-pu update addressing this issue (2.1.2-1.1+deb9u4).

libsdl1.2:
 + Prepare test and upload regression update for libsdl1.2 (DLA-1713-2).

libsdl2:
 + Prepare test and upload regression update for libsdl2 (DLA-1714-2).

cacti:
 + Reproduce CVE-2019-16723, produce a detailed report and get it reviewed by upstream. Not affected in the end.

pam-python:
 + Start to investigate, open bug report and ask upstream for more information. Still ongoing, the maintainer will handle the update.

imagemagick:
 + Investigate CVE-2019-17540, open bug report and ask Dirk Lemstra for more information. Update mitre CVE entry. Following this: prepare, test and upload a security update for imagemagick (DLA-1968-1).

freeimage:
 + Write a patch for CVE-2019-12211: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=929597
   To be upstreamed before releasing a DLA.

python-reportlab:
 + Investigate CVE-2019-17626, still no upstream fix yet.

& various misc triage

regards,
Hugo

--
Hugo Lefeuvre (hle) | www.owl.eu.com
RSA4096_ 360B 03B3 BF27 4F4D 7A3F D5E8 14AA 1EB8 A247 3DFD
ed25519_ 37B2 6D38 0B25 B8A2 6B9F 3A65 A36F 5357 5F2D DC4C