I've worked during December 2024 on the below listed packages, for
Freexian LTS/ELTS [1]
Many thanks to Freexian and sponsors [2] for providing this opportunity!
intel-microcode (DLA-4002-1, ELA-1276-1)
As reported in November, additional fixes introduced
Hi everyone,
in December I manually tested CVE-2023-50387 and CVE-2023-50868 ("keytrap" and
"NSEC3" security issues) in dnsmasq buster and released it. For bookworm I
uploaded the package fixing those CVEs to the stable-updates queue. I was able
to validate that dnsmasq stretch is also affecte
During the month of December 2024 and on behalf of Freexian, I worked on the
following:
php7.4, php7.3, php7.0 and php5
---
Uploaded php7.4=7.4.33-1+deb11u7 and issued DLA-3986-1.
https://lists.debian.org/msgid-search/?m=z1wxnl0vw0es6...@debian.org
* CVE-2024-8929:
LTS:
curl:
- Determined that CVE-2022-32207 does not affect <= buster.
- Found and documented a regression in CVE-2023-27534.
- CVE-2022-32207 does not affect <= buster
- Released DLA 3692-1, fixing CVE-2023-28322 and CVE-2023-46218,
also including 2 non-security fixes from contributors.
ELTS:
I've worked during December 2023 on the below listed packages, for
Freexian LTS/ELTS [1]
Many thanks to Freexian and sponsors [2] for providing this opportunity!
opendkim - DLA-3680-1
(This is ELA-1017-1, but for buster)
On mentors.d.n an RFS caught my eye; the package maintainer has
worked o
On Tuesday, 2 January 2024, 14:53:22 UTC, Bastien Roucariès wrote:
Hi,
Obviously the report should be read for December 2023
> I've worked during November 2023 on the below listed packages, for Freexian
> LTS/ELTS [1]
>
> Many thanks to Freexian and our sponsors [2] for providing this opportunity!
During the month of December 2023 and on behalf of Freexian, I worked on the
following:
ncurses
---
Uploaded 6.1+20181013-2+deb10u5 and issued DLA-3682-1
https://lists.debian.org/msgid-search/?m=zwznc9mam3buc...@debian.org
* CVE-2021-39537: The tic(1) utility was susceptible to a
heap
Hi,
During the month of December 2022 and on behalf of Freexian, I worked on
the following:
* DLA-3221-1, node-cached-path-relative (prototype pollution)
https://lists.debian.org/msgid-search/y40yr8jdg8vmg...@debian.org
* DLA-3222-1, node-fetch (information leak)
https://lists.debian.org
After completing on-boarding in November, I've worked during December
on the below listed packages, for Freexian LTS/ELTS [1]
Many thanks to Freexian and our sponsors [2] for providing this opportunity!
LTS:
- virglrenderer -- DLA 3232-1, fixing CVEs: CVE-2019-18388 CVE-2019-18389
CVE-20
Hi,
During December I spent 41.5h on LTS working on:
- security-tracker improvements (looking at issue in 8795311f)
- firefox-esr toolchain updates (cargo, cbindgen, as well as supporting Roberto
with LLVM and rust)
- firefox-esr update
- thunderbird update
- CVE triaging
I also spent 10h on
Hours worked:
70.75 hours
DLAs released:
DLA-2849-1 wireshark
CVE-2021-22207 CVE-2021-22235 CVE-2021-39921 CVE-2021-39922
CVE-2021-39923 CVE-2021-39924 CVE-2021-39925 CVE-2021-39928
CVE-2021-39929
DLA-2850-1 libpcap
CVE-2019-15165
DLA-2851-1 libextractor
CVE-2019-15531
DLA-2855-1 monit
CVE-201
Hours worked:
3 hours
DLA-2502 postsrsd
CVE-2020-35573
December was my 34th month as a Debian LTS paid contributor. I had a
total of 14 hours. I've spent only 7 hours and am carrying the remaining
hours to next month.
* spip: Fixed CVE-2020-28984, tested and uploaded[1].
* opendmarc: Researching on the remaining CVEs
* python-autobahn: Marked CVE-2020-3
Hi,
During the month of December, I spent 16.5h on LTS on the following tasks:
- firefox-esr update
- thunderbird update
- spamassassin update
- libssh update
- preparing and testing ibus and glib2.0 (there was a regression update on
stretch so I'm being careful here)
For ELTS I only spent 1h on
Hours worked:
4.5 hours
Work done:
DLA 2054-1 jhead CVE-2018-16554 CVE-2018-17088
CVE-2019-1010301 CVE-2019-1010302
December was my 22nd month as a Debian LTS paid contributor. I was
assigned 10 hours and I spent all of them for the following:
* python-oslo.utils: Marked CVE-2019-3866 as not-affected in jessie.
strutils.py in oslo.utils is doing its job but c
Hi,
During the month of December, I spent 44 hours working on LTS on the following
tasks:
- samba security update
- llvm-4.0/gcc-4.9 update for armel support
- firefox-esr security update
- CVE triaging
- reviewed and provided feedback on enigmail and related lib updates
- mysql/mariadb lifecycle
Hi,
In December I was allocated 4h and I spent only 3h of them (I'll catch
up the remaining 1h during January 2019) doing the following:
* ghostscript: Fixed CVE-2018-19134 and CVE-2018-19478. The DLA was
properly sent [1].
* phpmyadmin: Trying to reproduce CVE-2018-19968.
[1] https://lists.deb
December 2018 was my 11th month as a Debian LTS paid contributor. I was
assigned 8 hours and I spent all of them for the following:
* pdns/pdns-recursor: Spent some time working on CVE-2018-10851. But it
is going to be a no-DSA as it was.
* libvncserver: Fixed CVE-2018-15127, CVE-2018-20019,
Hi,
Last month I worked 26.5h on LTS, which I spent doing the following:
- CVE triaging
- firefox-esr update
- libxcursor update
- otrs2 updates
- libreoffice update, and investigating old regression
- irssi update
- enigmail update
- gimp update
- thunderbird testing
Cheers,
Emilio
For December I spent 19 hours on the following:
- mercurial: CVE-2017-14458
- icu: CVE-2017-15422, CVE-2017-17484
- asterisk: CVE-2017-17090
- tiff/tiff3: CVE-2017-17973, CVE-2017-17942, CVE-2017-11613
Regards,
-Roberto
--
Roberto C. Sánchez
Hi,
In this month I was allocated 13.5h. I spent 11h doing the following:
- DLA-735-1: gst-plugins-base0.10 update
- DLA-736-1: gst-plugins-bad0.10 update
- DLA-743-1: firefox-esr update
- DLA-750-1: game-music-emu update
- DLA-685-2: libxi regression update
- imagemagick: fixed a wrongly fixed s
This month I was allocated 13.5 hours.
I used 11 hours in which I worked on the following:
* [DLA 755-1] dcmtk security update
I also tested the fix on Jessie and the patch I prepared was also
used to update dcmtk in jessie-security.
* [DLA 758-1] libgd2 security update
* [DLA 767-1] cur
For December I had available 13.5 hours. I spent them on the following
tasks:
* imagemagick: final packaging tweaks, review, and upload, regression
update, review of anarcat's work on previous upload, prepare and
announce collab-maint git repository
* icu: CVE-2014-9911 and CVE-2016-7415
* ph