-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512
April was my 26th month as a Debian LTS paid contributor.I was assigned 14 hours. I was only able to spent 10 hours. * apache-log4j2: Backporting CVE-2020-9488 needs backporting couple of java classes from upstream and is intrusive. Another fast mitigation upstream suggest is to set the system property mail.smtp.ssl.checkserveridentity to true to globally enable hostname verification. Thus marked it as no-dsa. * otrs2: Continued my work from last month on this package. A new CVE reported CVE-2020-1774. Uploaded with 3 CVEs fixed and 3 marked as no-dsa. DLA-2198-1[1] * mumble: Attempted to upgrade Jessie's version to 1.2.18. Unfortunately Stretch version is also vulnerable to DoS. I've written the current status here[2] Regards Abhijith PA [1] - https://lists.debian.org/debian-lts-announce/2020/05/msg00000.html [2] - https://lists.debian.org/debian-lts/2020/05/msg00008.html -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEE7xPqJqaY/zX9fJAuhj1N8u2cKO8FAl63mqYACgkQhj1N8u2c KO9vVw/+NDapmJFYobndjq6ZJzpjy97HGxddbLM6CGNOLQJsO/TsqhVtA2TbdtFk SuVLh4aT8jwFZNewXutlN7uR2FTi5jeX+SlJc7HKTqarRhRAksPHj3onJstj5424 zwJlHDZfqzd+Er2cFjfLOVXYHJOMwdFRa7Y+/wW5HrsQcyt21wXa3ZKEq0SfiT4W uyJO7ZQJv60FNFarXLqovoNQ4fi3G4dbPSDJMw8rLzFb7/W7n3GaiuUBrhjts1JZ Dq8JR819/j544R4rjz96qqqx8Cyh6OJnMWjMy/4evMRjzFiZMGv/DzAWDkl+/Qap qfclgoBu/plRY1in+6morMaj7dgfd7NEKZWz3BOtlEpIIJE6QfsSaZJm8truHbwD IA8OCoE+vC8bH2x+odwse7OzB62a4rPuao5EMkuha96IZ/nkfjP+UgGKwHOM0bSU hlrI1pT38oBAbB875YONE5Tt3uCb1qG4fdZHvav6VRAerk/1mZicZKXdAul5etmJ 5vC6YJJDa8byJA1/KeyhjVQedFiWV0qgM/G27mCrzL1F3WUzFIhEa2qCM5jOFiI7 TOYj6P+fLRVYxNF9ZK249ke6BrFaZExTRr2BXRhFLudXEJC98DVepRvZFaNYmE+y VEYF5FpkdEo4QI2uogezihopQ0gZEUu/MLf9CKP6AmhcEdDfTCM= =fWNI -----END PGP SIGNATURE-----
