LTS report for March (& February) 2020 - Abhijith PA
-----BEGIN PGP SIGNED MESSAGE-----
I was assigned 14 hours for February. Unfortunately I didn't do
anything. I hold 2h and gave back rest to the pool.
I was assigned 14 hours for March as well plus 2 hours from the
previous month. I spent all the hours on the following:
* Tomcat8: There were 5 CVEs reported - CVE-2019-12418 fixed and
uploaded, CVE-2019-17569 was not affecting current version in
jessie thus marked as no-affected. Backporting CVE-2019-17563,
CVE-2020-1935 and CVE-2020-1938 turned out to be too intrusive and
thus marked as no-dsa. Might be upgrading to 8.5.x branch.
* ruby2.1: Fixed CVE-2016-2338 and uploaded.
* 1 week of front-desk duty ( Marked puppet as not-affected, Added
shiro, okular, tika, libperlspeak-perl, ruby2.1, mumble, otrs2 to the
* mumble: Following up a regression in last update.
* otrs2: 5 CVEs reported - CVE-2020-1771 marked as no-affected,
the upstream patch for CVE-2020-1769 is not working as intended.
CVE-2020-1770, CVE-2020-1772, CVE-2020-1773 are patched.
 - https://lists.debian.org/debian-lts-announce/2020/03/msg00029.html
 - https://lists.debian.org/debian-lts-announce/2020/03/msg00032.html
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----