-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 December was my 22nd month as a Debian LTS paid contributor. I was assigned 10 hours and I spent all of them for the following:
* python-olso.utils: Marked CVE-2019-3866 as not-affected in jessie. strutils.py in oslo.utils is doing its job but code changed to rewrite pattern which in turn used for another module mistral (openstack dependency). Mistral is absent in jessie. * otrs2: Fixed CVE-2019-18179, tested, uploaded and released dla[1]. Marked CVE-2019-18180 as not affected. Jessie version has different method for chopping file names. Confirmed with upstream. * nethack: Marked eol and updated in security-support-ended.deb8 * tomcat8: Patched CVE-2019-17563 and CVE-2019-12418, though one test related to this is failing. Will be uploaded soon. Regards Abhijith PA [1] - https://lists.debian.org/debian-lts-announce/2020/01/msg00000.html -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEE7xPqJqaY/zX9fJAuhj1N8u2cKO8FAl4TSPUACgkQhj1N8u2c KO8Idw/+ORJrGo6m4rONcl5ZAKfwKRAGlimT9sRW6Nh6xZxuHRF+vtQ0vEAyaNmg jenVfQrJwi1UTviza0T5czSB5GdihqrEzBRQprotS7pVJJSJ6yXz/hXKzDM3IoIb g9lSwTJflA5aKpKfew8eE002xL8UQhLhJ9hRArzsV9ZMnbshX5Jkx6M55UMPHgG0 7jDuqvFBagsDdUclfiUSI8ipfS5U2zI2QjoBNusAVgi0L6cHeZZ1vCUJhKZFXPaK /Pj1OyvTy856TNClcktyKzIytyCK49COPQsUiWa2GoIUYdKGVD+x2ER3NlDkWFrj PR6dOBqk7FIYNomowexPDRyDO7129CB72YnGw+dshr4dIuyJmVXeVLCPpOYWi8aN dkvapVF28lDOiM3CQcoQqjrrsxB+YRBjitSBQJv+oH8buhorczBZ45XNuQfIQUfu oWolohPK0uNxBjbNSwLIIGRjGpHg/VhQGotVGtpQGay2lz0KDBOhVhIlaP4Udlx6 K1EIaqQkdmHsLlvz33Z7Z9zjFtekMW3DXLqvQEQd+KhLCMI/oHfAK1fsYR4fstlg IVf5ZmrZpTMkpY4F6KHGqa7OTZUCsvR03jjf88jRmrYCDgQIfhKRAbxHex3MFXCc UW09Ps6O7EUrwCVM9WN6Ya7uUkDLKyLATTnByCDifWHUGmEbchU= =+Tpm -----END PGP SIGNATURE-----
