For January 2020 I spent 10.75 on the following LTS tasks: - git: completed the work begun in December 2019 and published the updated package and advisory - squid3: investigated open issues (CVE-2019-12523, CVE-2019-18676) in an attempt to isolate the salient parts of the fixes for backporting; found that the lack of detail in the vulnerability reports and the lack of a repoducer made it effectively impossible to isolate the security-relevant aspects of the changes and also hampered validation of any backport attempt; noted this information in the security tracker - samba: triaged open security issues; all were either not present in jessie version or sufficiently minor as to be ignored - tigervnc: began working on an update only to realize that tigervnc does not exist in jessie, which led to ... - review-update-needed: submitted a Salsa MR to this utility script in the security tracker repository that adds the option to query rmadison for each source package listed in dla-needed.txt or dsa-needed.txt to verify its existence in the specified suite(s)
I spent a further 1.75 hours on the following ELTS task: - git: completed the work begun in December 2019 and published the updated package and advisory Regards, -Roberto -- Roberto C. Sánchez
