-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Here is my public monthly report.
Thanks to our sponsors for making this possible, and to Freexian for handling the offering. https://www.freexian.com/lts/debian/#sponsors LTS: - - golang-yaml.v2 - CVE-2021-4235 - CVE-2022-3064 - Add upstream patch with style fixes for CVE-2022-3064 so that we are in line with upstream code if there happens to be another security update. - Worked on broken tests due to upstream fixes - still working on failing i386 test. https://salsa.debian.org/lts-team/packages/golang-yaml.v2 - - python-oslo.privsep - CVE-2022-38065 has been marked as Won't-fix/Hardening opportunity upstream. It was mentioned the fix was easy but tedious. It is consumer design flaw issue. After extensive research into fixing this I deemed it too large / out of scope. Added notes to dla-needed.txt Misc: Claimed lts-extra-task to develop an lts team view in package tracker for no- dsa packages. - Set up my enviroment to do said work. Processed some NFUs Team monthly meeting Thanks, Scarlett -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEfDWSDxziiZ6OqarQLnwDZ7m/oIkFAmR6N6QACgkQLnwDZ7m/ oIlCJhAAvlNSVbloxZgnbIC9dFphbTZQVtdpu3hUsb12rYTkGr4URwf7EzqMmT1C pixWIuv6Tze9Jglez+P5zK27J0qs5GK8nJInQW92QmmOf/43ktLK20he8ftEPUHP j5p1AcuGkAi2WpCjLFBF8mRBd3u64IBzLovY9RPyoXrlkoYlwwy8Z+JkLLvGAZZx tRLmBKdmU4Ws9mrwebMjEFd9YHdhnpWHOy/rjFyFqxuigxCt0OnjOv/cPvjjA1Jh cy6LVI/XjXslnNWnxuTOO4mrILU3BTTGnHGqN/DS/JoDGHeTSpuLJNTDgPwPpEX9 cqMpAYk34iA5Dos5SSHG5QxMzvAguiLa35V6kzfujorbro28uk7zBYrUNA7YfvPT vj+SkQWPdrxjB6mbW/LRxAUf1u5Ls1yOo9pBtRG5s8aYzMEVecoXktOM/xwl/l7v KjjfdDEF+0EOBSkrkCbo9od71ydaC8H1roYrX07vVwZf6jb2kYfhv9Nf3n5XAFmv 9h0+SDACQ51oErXMAnGrmgigLtwPv+NEZIAFL778+N0fkcS6CS6hX8/K5MvlJj9D IT0LslQuSwtO+9953zjgoBuUP9QhZ6fSLgyOtT1R1o7JMFOkUdpfKPRgs5cIaPqC aZo6YPD6n7ktZ31Y9zflsFsY2HE1jXOmhR01SZqoDniDzSiwnfc= =jU6H -----END PGP SIGNATURE-----
