
LTS report for February 2021 - Abhijith PA




February was my 36th month as a Debian LTS paid contributor. I had a
total of 19h (assigned and carried from last month). I spent all of
them on the following:

 * python-pysaml2: Fixed CVE-2017-1000433, CVE-2021-21239. Marked
   CVE-2021-21238 as ignored[1]. Kept other issues as they are due to
   invasive changes. DLA 2577-1[2].

 * spip: Fixed TEMP-0000000-803658[3]. Backported all related patches 
   from buster. DLA 2579-1[4].

 * mqtt-client: Included mqtt-client in CVE-2019-0222. Fixed and 
   released DLA 2582-1[5]

 * activemq: Fixed CVE-2017-15709 CVE-2018-11775 CVE-2019-0222 
   CVE-2021-26117. Thanks to Markus for testing the build.
   DLA 2583-1[6]

 * libcaca: Fixed CVE-2021-3410. Tested against PoC[7]. DLA 2584-1[8]

 * jackson-dataformat-cbor: Marked CVE-2020-28491 as no-dsa though 
   fixes are backported patch and tests are adjusted. Patch[9]
   
 * 01/03 - 07/03, 1 week of front desk duty.


 Regards
 Abhijith PA

 [1] - https://security-tracker.debian.org/tracker/CVE-2021-21238
 [2] - https://lists.debian.org/debian-lts-announce/2021/02/msg00038.html
 [3] - https://security-tracker.debian.org/tracker/TEMP-0000000-803658
 [4] - https://lists.debian.org/debian-lts-announce/2021/03/msg00001.html
 [5] - https://lists.debian.org/debian-lts-announce/2021/03/msg00004.html
 [6] - https://lists.debian.org/debian-lts-announce/2021/03/msg00005.html
 [7] - https://bugzilla.redhat.com/attachment.cgi?id=1756895
 [8] - https://lists.debian.org/debian-lts-announce/2021/03/msg00006.html
 [9] - https://people.debian.org/~abhijith/CVE-2020-28491.txt

