Hi, Last month I spent 27h doing the following:
- gdk-pixbuf update - libgd2 update - jbig2dec: upstream claimed that this was already fixed. Investigated the claim and verified that this was indeed fixed with a previous security update that was already in all supported releases - apache2 update for optionsbleed vulnerability - emacs23 update - newsbeuter: reviewed/sponsored update - fontforge: investigated issues, no-dsa - bzr update - cacti: investigated issue, confusing as the CVE looks like a duplicate of older ones, which we already fixed in the past. Marked as such - weechat: investigated issue and ways to trigger it, determined a DLA was warranted and prepared it - db: prepared updates for db, db4.7 and db4.8 and called for testing - ruby: discussed current issues and potential solutions with Antoine - firefox-esr security update for 52.4esr - investigated and triaged lots of packages (eglibc, trafficserver, libarchive, libsndfile, libmad, binutils, ocaml, ledger, mosquitto, mcollective...) Cheers, Emilio
