LTS report for April 2021 - Abhijith PA
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
March was my 38th month as a Debian LTS paid contributor. I was
assigned 14 hours and I spent all of them for the following;
* mediawiki: There were 8 CVEs reported. CVE-2021-20270
CVE-2021-27291 CVE-2021-30152 CVE-2021-30154 CVE-2021-30155
CVE-2021-30157 CVE-2021-30158 CVE-2021-30159. Marked CVE-2021-30154
CVE-2021-30157 as not-affected and fixed rest. Uploaded and
released [DLA 2648-1][1], [DLA 2648-2][2] regression update.
* smarty3: Fixed a regression and uploaded [DLA 2618-2][3]. Thanks to
Benjamin Renard for finding it.
* samba: There were 9 CVEs including the no-dsa tagged ones.
So far backported CVE-2019-10218 CVE-2019-14833 CVE-2019-14847
CVE-2019-14861 CVE-2019-14870. Continuing work on remaining fixes.
Build available[4] for testing.
Regards
Abhijith PA
[1] - https://lists.debian.org/debian-lts-announce/2021/05/msg00003.html
[2] - https://lists.debian.org/debian-lts-announce/2021/05/msg00006.html
[3] - https://lists.debian.org/debian-lts-announce/2021/04/msg00014.html
[4] - https://people.debian.org/~abhijith/upload/vda/samba_4.5.16+dfsg-1+deb9u4.dsc
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEE7xPqJqaY/zX9fJAuhj1N8u2cKO8FAmCYMksACgkQhj1N8u2c
KO8xkQ/9EuCjBRqU6Pz+5H732IsybV5Ypftxn1nvISLZe0W/VTDfjKuFdQGEJxQX
qAkPbzrjKca+TPwd30NKNWM1K8EI0Y7GBsgkg1JHOCGzBFdaOj8Kv78qgKHFFVTg
dSOsRRVUPnD8aR69lZXL5/EzaLJrbddLQlCcTSp3By28/0PydOyRasdLEnN9EMnY
NWzCqCeuorPWWvHR50lZyWPXokzSfmXz8zb2qKjVAuAIOiJToNbh5b2rFx8HEufW
AMb5seQQye6qrkIm4xtpAuDOTM8qaqU73C6qFa+6aFb+GmiFMTGGN53dkUaPdNS+
JVP8znRegfeyQ+MlLApBhyVStylS8hM4hPhrc7ybnPrmEbzYujdjOkQh030YsUp3
Ksx6vQTHbkGExPx/C4qOKzsmg6ycY1um3xtISIRWaxpkMbFladksb9dFOVDVRic/
wgRs1OI9V70+cxZa5ewvNsj59bRXOuOxCJS2rwXf4GiSb7XKuK4YfHXgtZfNCDYH
Yzxa3BO+IjsDFR2jQnhBA5wh6IMju059O8gceZBqyEpqd7nFATkdlP5AK7lanvjw
FytFd7SalN5PXWkPsdVcml2/NSVlSbsLcJtldwwAAnOqbnuG23Xx1qxv2Cvs74cN
mtYUQEeJy/KprmqWmOFLAaio88fr0h3njr8ocaPHq/7bXyJwdrw=
=SH1q
-----END PGP SIGNATURE-----
Reply to: