Hi,

Here is my LTS report for January.

I was allocated 20 hours. I have spent all of them in the following tasks:

* libsndfile:
  + Analyse upstream patch for CVE-2018-19758. Prepare, test and upload security update addressing this issue (DLA-1632-1)
* qemu:
  + Investigate CVE-2018-19665, produce a trimmed down version of upstream patch[0]. Not uploaded yet, I am still discussing what I consider to be issues in the patch, and Philippe Mathieu-Daudé from RedHat is planning to release an updated version soon[1].
  + Prepare, test and upload a security update addressing CVE-2018-17958, CVE-2018-19489 and CVE-2018-19364 (DLA-1646-1)
* aria2:
  + Analyse, reproduce CVE-2019-3500, backport patch, test and upload it (DLA-1636-1)
* libpng:
  + Analyse CVE-2019-6129 and mark it ignored, see my post on upstream's bug report.
* openjpeg2:
  + Analyse CVE-2018-5727 and mark it <ignored> in jessie. After discussion with the security team decide to mark it unimportant in all suites.
* tmpreaper:
  + Analyse CVE-2019-3461, backport stretch update to jessie (DLA-1640-1)
* phpmyadmin:
  + review lucas' update, issues in table creation.
* faad2:
  + start working on patches. Nothing online yet, this is likely to take a few weeks since there are many issues and patches have to be written from scratch.

Best Regards,
Hugo

[0] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=916278
[1] https://lists.debian.org/debian-lts/2019/01/msg00071.html

--
Hugo Lefeuvre (hle) | www.owl.eu.com
RSA4096_ 360B 03B3 BF27 4F4D 7A3F D5E8 14AA 1EB8 A247 3DFD
ed25519_ 37B2 6D38 0B25 B8A2 6B9F 3A65 A36F 5357 5F2D DC4C