LTS/ELTS Report for November 2019
For November I spent 24.5 hours on the following LTS tasks:
- ampache: CVE-2019-12385, CVE-2019-12386 worked with upstream on a
patch that applied to the version in jessie; finalized fix and
published final package/advisory
- libqb: CVE-2019-12779, investigate and triage; discussed with upstream
and other LTS folks; concluded that libqb in jessie should be EOL
- ghostscript: CVE-2019-14869
- symfony: multiple issues (CVE-2019-18886, CVE-2019-18887, and
CVE-2019-18888 fix; some others triaged as not affecting symfony in
jessie)
- debian-security-support: related to libqb EOL
- php-horde: worked on patching CVE-2019-12094; corresponding with
security team regarding assignment of CVE-2019-12094/CVE-2019-12095
and the possibility of a third and separate vulnerability that may
require CVE assignment
- nss: CVE-2019-11745
I also spent 21.5 hours on the following ELTS tasks:
- nss: CVE-2019-11745
- bash: CVE-2019-18276 triage
- openjdk-7: backport Markus' openjdk-7 jessie package and work on
autopkgtest implementation for wheezy
Regards,
-Roberto
--
Roberto C. Sánchez
Reply to: