January LTS Report


Here is my LTS report for January 2020.

I was allocated 12 hours. I have spent 5.5 of them in the following


 + investigate the issue, and come to the conclusion that a fix will be
   hard to obtain without access to the reproducer. Contact Ray Essick
   from Google on behalf of the LTS and security teams. Finally upstream
   released an official fix which I uploaded as DLA-2100-1.


 + monitor and investigate a regression in a previous update. This is
   tracked upstream via [0]. Unfortunately I could not give this issue as
   much attention as I wanted to this month.


 + investigate CVE-2018-1311 and communicate a patch proposal [2]. The
   implementation is ongoing work and was limited by the amount of time I
   could invest in my LTS tasks this month. My priority is to get this
   upstreamed and uploaded in February.


 + monitor & investigate. Yet another complicated case... Upstream committed
   a patch which does not seem fit for release to me. See [1]. I intend to
   spend more time on this and take a final decision in the next few days.


 + dla-needed triage, keep an eye on open, pending issues.
 + review qemu update from Utkarsh.

The remaining hours will be returned to the pool.


[0] https://github.com/knik0/faad2/commit/a8dc3f8ce67f4069cfa4d5cf0fcc2c6e8ef2c2aa
[1] https://lists.debian.org/debian-lts/2020/01/msg00056.html
[2] https://lists.debian.org/debian-lts/2020/01/msg00055.html

