For November I spent 13.75 hours on the following LTS tasks: - icu: triage CVE-2018-18928, vulnerable code was not present - libapache-mod-jk: prepared update for CVE-2018-11759 which involved backporting new upstream release; upload pending guidance from maintianers and security team on corresponding uploads for stable and unstable - symfony: multiple issues, backported patches to fix identified vulnerabilities; remaining task is to resolve build/unit test failures which likely depend on previous commits in history (i.e., identify those commits and add the necessary patches to the package) - php5: CVE-2018-19518, worked on reproducing
I also spent 10 hours on the following ELTS tasks: - icu: triage CVE-2018-18928, vulnerable code was not present - libapache-mod-jk: prepared update for CVE-2018-11759 which involved backporting new upstream release; upload pending guidance from maintianers and security team on corresponding uploads for stable and unstable - nss: CVE-2018-12384, contacted Mozilla Security Team and they made upstream bug report public; began working on reproducing vulnerability - php5: CVE-2018-19518, worked on reproducing Regards, -Roberto -- Roberto C. Sánchez
