Hi Raphaël, Roberto,
> > >These CVEs are especially difficult to reproduce because wheezy's gcc
> > >doesn't have asan and reproduction conditions might require a specific
> > >setup.
> >
> > FWIW, I have been able to reproduce quite a few issues detected by ASAN
> > with valgrind whi
On Tue, Sep 05, 2017 at 10:30:03AM +0200, Raphael Hertzog wrote:
> On Sun, 03 Sep 2017, Hugo Lefeuvre wrote:
> >These CVEs are especially difficult to reproduce because wheezy's gcc
> >doesn't have asan and reproduction conditions might require a specific
> >setup.
>
> FWIW, I have bee
On Sun, 03 Sep 2017, Hugo Lefeuvre wrote:
>These CVEs are especially difficult to reproduce because wheezy's gcc
>doesn't have asan and reproduction conditions might require a specific
>setup.
FWIW, I have been able to reproduce quite a few issues detected by ASAN
with valgrind which d
Hi,
August 2017 was my 12th month as a payed Debian LTS contributor.
I was allocated 14 hours. I have spent all of them doing the following
tasks:
* Investigate various CVEs in lame.
These CVEs are especially difficult to reproduce because wheezy's gcc
doesn't have asan and reproduction
Ola Lundqvist writes:
> I had the same issue a month ago. It solved itself after a few days
> when new issues were found.
Now only two packages on the unassigned list:
The following packages are used by our customers (by order of decreasing
importance, more hours means more important):
* open
> * mailman (0.3 %)
> NOTE: Thijs Kinkhorst said on debian-lts that he wants to have a look
Does anyone know the current status of this one… ?
Regards,
--
,''`.
: :' : Chris Lamb
`. `'` la...@debian.org / chris-lamb.co.uk
`-
Hi Brian
I had the same issue a month ago. It solved itself after a few days
when new issues were found.
// Ola
On Thu, Sep 1, 2016 at 10:02 AM, Brian May wrote:
> Hello,
>
> Just wondering how I should spend my LTS hours. If I look at the list of
> unclaimed packages for LTS: this list is of p
This month I had 14.75 hours and I spent my 14.751 hours on the
following projects:
* New release of python-django for wheezy. This release did not fix
any security issues, but did fix a number of bugs.
* Research security issue in twisted, CVE-2016-1000111. I concluded
that it wasn't a secur
