LTS report for February 2021 - Abhijith PA
February was my 36th month as a Debian LTS paid contributor. I had a
total of 19h (assigned and carried from last month). I spent all of
them on the following:
* python-pysaml2: Fixed CVE-2017-1000433, CVE-2021-21239. Marked
CVE-2021-21238 as ignored[1]. Kept other issues as they are due to
invasive changes. DLA 2577-1[2].
* spip: Fixed TEMP-0000000-803658[3]. Backported all related patches
from buster. DLA 2579-1[4].
* mqtt-client: Included mqtt-client in CVE-2019-0222. Fixed and
released DLA 2582-1[5]
* activemq: Fixed CVE-2017-15709 CVE-2018-11775 CVE-2019-0222
CVE-2021-26117. Thanks to Markus for testing the build.
DLA 2583-1[6]
* libcaca: Fixed CVE-2021-3410. Tested against PoC[7]. DLA 2584-1[8]
* jackson-dataformat-cbor: Marked CVE-2020-28491 as no-dsa though
fixes are backported patch and tests are adjusted. Patch[9]
* 01/03 - 07/03, 1 week of front desk duty.
Regards
Abhijith PA
[1] - https://security-tracker.debian.org/tracker/CVE-2021-21238
[2] - https://lists.debian.org/debian-lts-announce/2021/02/msg00038.html
[3] - https://security-tracker.debian.org/tracker/TEMP-0000000-803658
[4] - https://lists.debian.org/debian-lts-announce/2021/03/msg00001.html
[5] - https://lists.debian.org/debian-lts-announce/2021/03/msg00004.html
[6] - https://lists.debian.org/debian-lts-announce/2021/03/msg00005.html
[7] - https://bugzilla.redhat.com/attachment.cgi?id=1756895
[8] - https://lists.debian.org/debian-lts-announce/2021/03/msg00006.html
[9] - https://people.debian.org/~abhijith/CVE-2020-28491.txt