Hi, August 2017 was my 12th month as a payed Debian LTS contributor.
I was allocated 14 hours. I have spent all of them doing the following
tasks:
* Investigate various CVEs in lame.
These CVEs are especially difficult to reproduce because wheezy's gcc
doesn't have asan and reproduction conditions might require a specific
setup.
I initially wrote a patch for CVE-2017-11720 before discovering that
this CVE was a duplicate of an issue we already fixed in Debian.
Despite all my efforts I couldn't reproduce CVE-2017-98{69-72} yet.
I've reported them to upstream and hope to reproduce and fix them next
month.
* Prepare a security update for clamav fixing CVE-2017-6420 and
CVE-2017-6418. I'm currently testing it, but the upstream fix for
CVE-2017-6420 breaks a test. Currently investigating the issue.
* Have a look at mysql-connector-python, finally decide to wait for more
issues.
* Various CVE Triage for mupdf.
* Review Diego's work on libav. Ongoing work.
Best Regards,
Hugo
--
Hugo Lefeuvre (hle) | www.owl.eu.com
4096/ ACB7 B67F 197F 9B32 1533 431C AC90 AC3E C524 065E
signature.asc
Description: PGP signature
