Hi, Here is my LTS report for November.
I was allocated 15 hours. I have spent all of them in the following tasks: * openjpeg2: Continue my investigations on CVE-2018-18088, finish patch and get it reviewed by upstream (actually merged). Triage CVE-2018-5785 as not affecting Jessie (vulnerable code introduced later). Prepare a jessie security upload including my work from the previous months, test and upload it (DLA 1579-1). Investigate CVE-2018-6616 and start developing a patch addressing this issue. See upstream bug report. * liblivemedia: Prepare, test and upload security update addressing CVE-2018-4013 (DLA 1582-1). Upload was also done for Stretch. * libtiff: Investigate CVE-2018-19210, prepare a patch addressing this issue. Still waiting for review from upstream, see https://gitlab.com/libtiff/libtiff/merge_requests/47 * libsndfile: Take a look at the state of older CVEs, looks like some of them triaged no-dsa might be worth an upload. Assess their reproducibility, add to dla-needed and start preparing upload. * misc: + test and review Santiago's QEMU upload. https://lists.debian.org/debian-lts/2018/11/msg00125.html Best Regards, Hugo -- Hugo Lefeuvre (hle) | www.owl.eu.com RSA4096_ 360B 03B3 BF27 4F4D 7A3F D5E8 14AA 1EB8 A247 3DFD ed25519_ 37B2 6D38 0B25 B8A2 6B9F 3A65 A36F 5357 5F2D DC4C
signature.asc
Description: PGP signature
