For June I spent 36.5 hours on the following: - [LTS] imagemagick: CVE-2018-11251, CVE-2018-11624, CVE-2018-11625, CVE-2018-12599, CVE-2018-12600 - [LTS] php5: multiple issues - [LTS] graphicsmagick: CVE-2016-5239, CVE-2017-11102, CVE-2017-11139, CVE-2017-11140, CVE-2017-11403, CVE-2017-11637 - [LTS] tomcat8: triage, upstream EOL, CVE-2018-1304, CVE-2018-1305 - [LTS] graphicsmagick: CVE-2016-5239, CVE-2017-11102, CVE-2017-11139, CVE-2017-11140, CVE-2017-11403, CVE-2017-11637, CVE-2017-11641, CVE-2017-11642, CVE-2017-11722 - [LTS] jessie transition - [LTS/ELTS] exiv2: CVE-2018-10958, CVE-2018-10999, CVE-2018-10998, CVE-2018-11531, CVE-2018-11531, CVE-2018-12264, CVE-2018-12265 (the patches for these CVEs also applied cleanly to the stretch package, so I prepared that package and the Security Team accepted it) - [ELTS] wheezy transition - [ELTS] gnupg: CVE-2018-12020 - [ELTS] ghostscript: CVE-2018-11645 - [ELTS] perl: CVE-2018-12015 - [ELTS] libgcrypt11: CVE-2018-0495 triage (did not affect package) - [ELTS] tiff3: CVE-2018-10779, CVE-2018-10801, CVE-2018-10963 triage (did not affect package)
Regards, -Roberto -- Roberto C. Sánchez
