LTS report for December 2019
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
December was my 22nd month as a Debian LTS paid contributor. I was
assigned 10 hours and I spent all of them for the following:
* python-olso.utils: Marked CVE-2019-3866 as not-affected in jessie.
strutils.py in oslo.utils is doing its job but code changed to
rewrite pattern which in turn used for another module mistral
(openstack dependency). Mistral is absent in jessie.
* otrs2: Fixed CVE-2019-18179, tested, uploaded and released dla[1].
Marked CVE-2019-18180 as not affected. Jessie version has different
method for chopping file names. Confirmed with upstream.
* nethack: Marked eol and updated in security-support-ended.deb8
* tomcat8: Patched CVE-2019-17563 and CVE-2019-12418, though one test
related to this is failing. Will be uploaded soon.
Regards
Abhijith PA
[1] - https://lists.debian.org/debian-lts-announce/2020/01/msg00000.html
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEE7xPqJqaY/zX9fJAuhj1N8u2cKO8FAl4TSPUACgkQhj1N8u2c
KO8Idw/+ORJrGo6m4rONcl5ZAKfwKRAGlimT9sRW6Nh6xZxuHRF+vtQ0vEAyaNmg
jenVfQrJwi1UTviza0T5czSB5GdihqrEzBRQprotS7pVJJSJ6yXz/hXKzDM3IoIb
g9lSwTJflA5aKpKfew8eE002xL8UQhLhJ9hRArzsV9ZMnbshX5Jkx6M55UMPHgG0
7jDuqvFBagsDdUclfiUSI8ipfS5U2zI2QjoBNusAVgi0L6cHeZZ1vCUJhKZFXPaK
/Pj1OyvTy856TNClcktyKzIytyCK49COPQsUiWa2GoIUYdKGVD+x2ER3NlDkWFrj
PR6dOBqk7FIYNomowexPDRyDO7129CB72YnGw+dshr4dIuyJmVXeVLCPpOYWi8aN
dkvapVF28lDOiM3CQcoQqjrrsxB+YRBjitSBQJv+oH8buhorczBZ45XNuQfIQUfu
oWolohPK0uNxBjbNSwLIIGRjGpHg/VhQGotVGtpQGay2lz0KDBOhVhIlaP4Udlx6
K1EIaqQkdmHsLlvz33Z7Z9zjFtekMW3DXLqvQEQd+KhLCMI/oHfAK1fsYR4fstlg
IVf5ZmrZpTMkpY4F6KHGqa7OTZUCsvR03jjf88jRmrYCDgQIfhKRAbxHex3MFXCc
UW09Ps6O7EUrwCVM9WN6Ya7uUkDLKyLATTnByCDifWHUGmEbchU=
=+Tpm
-----END PGP SIGNATURE-----
Reply to: