[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

October LTS Report


Here is my LTS report for October 2019.

I was allocated 46.5 hours (22.75h + 23.75h from last month). I have spent
all of them in the following tasks:


 + Backport 0.101.4+dfsg-0+deb9u1 to jessie in order to fix the Zip bomb
   issues (DLA-1953-1).

   This triggered an ABI transition, requiring additional uploads to dansguardian,
   havp, python-pyclamav and c-icap-modules.

   Note: tests were long, especially regarding c-icap-modules because I stumbled
   across a variety of bugs. I even needed to fix a Debian packaging bug in order
   to test the package properly.

   This update/transition was not trivial and a regression was found:
   - https://alioth-lists.debian.net/pipermail/pkg-clamav-devel/2019-October/007497.html

   I addressed this issue in DLA-1953-2.


 + Triage CVE-2018-21010. Prepare, test and upload a jessie update
   addressing this issue (DLA-1950-1). Prepare, test and submit a
   stretch-pu update addressing this issue (2.1.2-1.1+deb9u4).


 + Prepare test and upload regression update for libsdl1.2 (DLA-1713-2).


 + Prepare test and upload regression update for libsdl2 (DLA-1714-2).


 + Reproduce CVE-2019-16723, produce a detailed report and get it reviewed
   by upstream. Not affected in the end.


 + Start to investigate, open bug report and ask upstream for more
   information. Still ongoing, the maintainer will handle the update.


 + Investigate CVE-2019-17540, open bug report and ask Dirk Lemstra for more information.
   Update mitre CVE entry. Following this: prepare, test and upload a security update for
   imagemagick (DLA-1968-1).


 + Write a patch for CVE-2019-12211:
   To be upstreamed before releasing a DLA.


 + Investigate CVE-2019-17626, still no upstream fix yet.

& various misc triage


                Hugo Lefeuvre (hle)    |    www.owl.eu.com
RSA4096_ 360B 03B3 BF27 4F4D 7A3F D5E8 14AA 1EB8 A247 3DFD
ed25519_ 37B2 6D38 0B25 B8A2 6B9F 3A65 A36F 5357 5F2D DC4C

Attachment: signature.asc
Description: PGP signature

Reply to: