This is my second month as a Debian LTS paid contributor. I was assigned 8hours and I spend all of it for the following.
* golang: Continued my work on Backporting CVE-2018-7187. Thanks to Chris Lamb for uploading and releasing DLA[1] * zsh: Backport CVE-2014-10070, CVE-2014-10071, CVE-2014-10072, CVE-2016-10714, CVE-2017-18206. Test, upload (and released DLA[2] by Chris Lamb) * graphite2: Initial Plan was to backport CVE-2018-7999 and worked on it. But later decided to tag it as 'no-DSA' to follow security team. * uwsgi: Investigated on CVE-2018-7490 and later decided not to upload as it is not affecting wheezy without the uwsgi-plugin-php. Thanks to Gero Treuner for the patch and review. * libvncserver: Backport CVE-2018-7225, test and release DLA[3]. Thanks to Lundqvist for uploading. In my volunteer time I also prepared a security update for phpmyadmin[4][5] in oldstable, but no feedback yet. If someone could review and upload, it will be great. --abhijith [1] https://lists.debian.org/debian-lts-announce/2018/02/msg00029.html [2] https://lists.debian.org/debian-lts-announce/2018/03/msg00007.html [3] https://lists.debian.org/debian-lts-announce/2018/03/msg00035.html [4] https://mentors.debian.net/debian/pool/main/p/phpmyadmin/phpmyadmin_4.2.12-2+deb8u3.dsc [5] test instance running my buid: http://159.65.202.84:9001/phpmyadmin/ (pm me for credentials)
