Hi,

Here is my LTS report for January 2020. I was allocated 12 hours. I have spent 5.5 of them on the following tasks:

libexif:
 + investigate the issue, and come to the conclusion that a fix will be hard to obtain without access to the reproducer. Contact Ray Essick from Google on behalf of the LTS and security teams. Finally upstream released an official fix which I uploaded as DLA-2100-1.

libfaad:
 + monitor and investigate a regression in a previous update. This is tracked upstream via [0]. Unfortunately I could not give this issue as much attention as I wanted to this month.

xerces-c:
 + investigate CVE-2018-1311 and communicate a patch proposal [2]. The implementation is ongoing work and was limited by the amount of time I could invest in my LTS tasks this month. My priority is to get this upstreamed and uploaded in February.

reportlab:
 + monitor & investigate. Yet another complicated case... Upstream committed a patch which does not seem fit for release to me. See [1]. I intend to spend more time on this and take a final decision in the next few days.

misc:
 + dla-needed triage, keep an eye on open, pending issues.
 + review qemu update from Utkarsh.

The remaining hours will be returned to the pool.

regards,
Hugo

[0] https://github.com/knik0/faad2/commit/a8dc3f8ce67f4069cfa4d5cf0fcc2c6e8ef2c2aa
[1] https://lists.debian.org/debian-lts/2020/01/msg00056.html
[2] https://lists.debian.org/debian-lts/2020/01/msg00055.html

-- 
Hugo Lefeuvre (hle) | www.owl.eu.com
RSA4096_ 360B 03B3 BF27 4F4D 7A3F D5E8 14AA 1EB8 A247 3DFD
ed25519_ 37B2 6D38 0B25 B8A2 6B9F 3A65 A36F 5357 5F2D DC4C