LTS/ELTS Report for November 2019

To: debian-lts@lists.debian.org
Subject: LTS/ELTS Report for November 2019
From: Roberto C. Sánchez <roberto@debian.org>
Date: Mon, 2 Dec 2019 09:12:55 -0500
Message-id: <[🔎] 20191202141255.GB2446@connexer.com>
Mail-followup-to: Roberto C. Sánchez <roberto@debian.org>, debian-lts@lists.debian.org

For November I spent 24.5 hours on the following LTS tasks:

- ampache: CVE-2019-12385, CVE-2019-12386 worked with upstream on a
  patch that applied to the version in jessie; finalized fix and
  published final package/advisory
- libqb: CVE-2019-12779, investigate and triage; discussed with upstream
  and other LTS folks; concluded that libqb in jessie should be EOL
- ghostscript: CVE-2019-14869
- symfony: multiple issues (CVE-2019-18886, CVE-2019-18887, and
  CVE-2019-18888 fix; some others triaged as not affecting symfony in
  jessie)
- debian-security-support: related to libqb EOL
- php-horde: worked on patching CVE-2019-12094; corresponding with
  security team regarding assignment of CVE-2019-12094/CVE-2019-12095
  and the possibility of a third and separate vulnerability that may
  require CVE assignment
- nss: CVE-2019-11745

I also spent 21.5 hours on the following ELTS tasks:

- nss: CVE-2019-11745
- bash: CVE-2019-18276 triage
- openjdk-7: backport Markus' openjdk-7 jessie package and work on
  autopkgtest implementation for wheezy


Regards,

-Roberto


-- 
Roberto C. Sánchez

Reply to:

Prev by Date: Re: November LTS Report
Next by Date: (E)LTS report for November
Previous by thread: (semi-)automatic unclaim of packages with more than 2 weeks of inactivity
Next by thread: (E)LTS report for November
Index(es):
- Date
- Thread