LTS report for March (& February) 2020 - Abhijith PA

To: Debian LTS <debian-lts@lists.debian.org>
Subject: LTS report for March (& February) 2020 - Abhijith PA
From: Abhijith PA <abhijith@disroot.org>
Date: Sun, 5 Apr 2020 02:14:42 +0530
Message-id: <[🔎] e3bf33a1-0bf0-7c58-bd5e-7113ff52eae7@disroot.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

February
========

I was assigned 14 hours for February. Unfortunately I didn't do
anything. I hold 2h and gave back rest to the pool.


March
=====

I was assigned 14 hours for March as well plus 2 hours from the
previous month. I spent all the hours on the following:

* Tomcat8: There were 5 CVEs reported - CVE-2019-12418 fixed and
  uploaded[1], CVE-2019-17569 was not affecting current version in
  jessie thus marked as no-affected. Backporting CVE-2019-17563,
  CVE-2020-1935 and CVE-2020-1938 turned out to be too intrusive and
  thus marked as no-dsa. Might be upgrading to 8.5.x branch.

* ruby2.1: Fixed CVE-2016-2338 and uploaded[2].

* 1 week of front-desk duty ( Marked puppet as not-affected, Added
  shiro, okular, tika, libperlspeak-perl, ruby2.1, mumble, otrs2 to the
  dla-needed.txt)

* mumble: Following up a regression in last update.

* otrs2: 5 CVEs reported - CVE-2020-1771 marked as no-affected,
  the upstream patch for CVE-2020-1769  is not working as intended.
  CVE-2020-1770, CVE-2020-1772, CVE-2020-1773 are patched.


Regards
Abhijith PA

[1] - https://lists.debian.org/debian-lts-announce/2020/03/msg00029.html
[2] - https://lists.debian.org/debian-lts-announce/2020/03/msg00032.html
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEE7xPqJqaY/zX9fJAuhj1N8u2cKO8FAl6I8bkACgkQhj1N8u2c
KO9YrQ//ei4rsK3UoC6Jb8TTxCuQu0kg/mMq2XKfYQ0GmpG4oWVSo0yosWkbQljk
CdoeU8cKI4AxkNMnyWEtn0xvtRzD5Fo+kEIgPg4GRktILEoka0fUmIPyhz1rs7BA
Gw0xtZJYx0sset4lAYB3u9D7uyrlyrCemxTrbU7+cKsE74s5XECevP6ynIgCb8Fy
xEK8XZsBxp56FFlXzClQtrLEWN92ASi4IDKFjG0jnsZ3tZ/udBXR9tdifF00aaVn
ejv7t+m3E0WDaZCK+VaMQ60bcBdqvuhNwFrGcKwhK7VsxUOHbiUBx+qMUgZdxkm6
TGMT9z5Yis1oK521DmLgRZG6mNZjQGqI8RLufw22NlJu5XDDEEuFZaZa0ML+o8fO
lLRz0JQgk2QIS6ewwdf0BthGkxq2StoZjmwqFvgFaSxF7iG5VPHFTTE4Qdb9EjGf
kiy+VRqTcqyKVjZEo56mlCfTZ+334qvAL6I6S7ShganwwbK4K1k2ehGa0ijuHCIj
/fIOH9dqC+IYb5faI+nTw3w4Vf++dPw/Jt5vxaWzM1Yza6j0TCUWVzUfksJpUYur
QUFVpkBGj7jshvEOMrP6zcnY2U8xsfDspIWgZeV9wBN7dXBThOdVwmHaJJyzccYo
FmWW/kkvNHFok7u5WOw+CajLW5p99VWQsBpNyBVdnLzJvEuBkV0=
=++UJ
-----END PGP SIGNATURE-----

Reply to:

Prev by Date: Re: Request to delay Jessie end date due to current conditions
Next by Date: Re: CVE-2020-10648 in u-boot
Previous by thread: Re: Request to delay Jessie end date due to current conditions
Next by thread: Re: CVE-2020-10648 in u-boot
Index(es):
- Date
- Thread