I've worked during August on the packages listed below, for Freexian LTS/ELTS [1].

Many thanks to Freexian and our sponsors [2] for providing this opportunity!

LTS
===

MariaDB
------------
Following triaging work for LTS/ELTS, I proposed a NEWS entry for the breaking change CVE-2024-21096.
I helped the maintainer to analyse the impact of the fixes.

php-cas
------------
Finalize PU for php-cas, ocsinventory-server and fusionforge fixing CVE-2022-39369.

systemd
------------
I analysed a breaking change on salsa that causes regressions due to the tmp mount being masked.
Because backporting fixes is risky, I proposed and tested a workaround.

freeradius
---------------
Following blastradius:
I fixed the testsuite and reviewed patches for BlastRadius.
I added a test for the blastradius client.
I proposed an MR for fixing CVE-2019-10143 and hardening freeradius.
I triaged remaining CVE.
I investigated a possible regression on the JSON format on bullseye.
I proposed a NEWS entry describing the problem and warning about the different pitfalls of the blastradius workaround.
I exchanged with other members of the project about the risk analysis of the update.

LTS pipeline
-----------------
I improved the filter-out process in the case of huge logs and truncated logs, improving build/testing quality.

putty
--------
I released 0.74-1+deb11u2 fixing CVE-2024-31497.

Devref
---------
During the freeradius tests, we found the need to create a user-testable experimental version.
Version strings are not normalized for this case; opened #1078505.
I particularly described the need to document how to retrieve particular tags for backport needs.

cacti
------
PU for bookworm fixing CVE-2024-25641 CVE-2024-29894 CVE-2024-31443 CVE-2024-31444 CVE-2024-31445 CVE-2024-31458 CVE-2024-31459 CVE-2024-31460 CVE-2024-34340.
I finalized the analysis of the DOM purify dependency and I am waiting for the security team for guidance.

apache2
------------
I analysed a few regressions and opened 4 bugs tracking security regressions.

ELTS
====

MariaDB
------------
I closed more than 20 CVEs and we are planning two releases next month.

Pipeline
------------
I try to investigate the failure of piuparts jobs:
https://salsa.debian.org/lts-team/pipeline/-/issues/11

Apache2
------------
Backport fixes to buster, stretch and jessie.
Found a possible regression and a forgotten security fix of CVE-2024-39884.
Reported to upstream, which is investigating the security implication.
Finalize DLA.

Other
=====
I attended the monthly meeting.

A special thanks to the Ubuntu security team.
A special thanks to Santiago for testing, and Roberto for reviewing the MariaDB work.

Cheers

rouca

[1] https://www.freexian.com/lts/
[2] https://www.freexian.com/lts/debian/#sponsors