For November I spent 24.5 hours on the following LTS tasks: - ampache: CVE-2019-12385, CVE-2019-12386 worked with upstream on a patch that applied to the version in jessie; finalized fix and published final package/advisory - libqb: CVE-2019-12779, investigate and triage; discussed with upstream and other LTS folks; concluded that libqb in jessie should be EOL - ghostscript: CVE-2019-14869 - symfony: multiple issues (CVE-2019-18886, CVE-2019-18887, and CVE-2019-18888 fix; some others triaged as not affecting symfony in jessie) - debian-security-support: related to libqb EOL - php-horde: worked on patching CVE-2019-12094; corresponding with security team regarding assignment of CVE-2019-12094/CVE-2019-12095 and the possibility of a third and separate vulnerability that may require CVE assignment - nss: CVE-2019-11745
I also spent 21.5 hours on the following ELTS tasks: - nss: CVE-2019-11745 - bash: CVE-2019-18276 triage - openjdk-7: backport Markus' openjdk-7 jessie package and work on autopkgtest implementation for wheezy Regards, -Roberto -- Roberto C. Sánchez
