Hi, March 2017 was my seventh month as a payed Debian LTS contributor.
I was allocated 13.5 hours. Because of personal problems forcing me
to set aside my free software activites, I could only spend 4 of them
doing the following tasks:
* Continue to investigate CVE-2016-8685 in potrace. All in all, the
issue is probably going to be marked no-dsa since it is not critical
and upstream patch only fixes the issue for low optimization levels,
turning this issue into a hardly debuggable and time consuming problem.
* Investigate CVE-2017-6596 in partclone. I could not reproduce the
issue on Debian yet (wheezy/jessie/stretch) and asked upstream for his
reproducer.
April is going to be a quieter month, and I should be able to spend all
of my assigned hours.
Best Regards,
Hugo
--
Hugo Lefeuvre (hle) | www.owl.eu.com
4096/ ACB7 B67F 197F 9B32 1533 431C AC90 AC3E C524 065E
signature.asc
Description: PGP signature
