LTS:
apr:
- Determined that CVE-2023-49582 (sole unfixed CVE)
does not affect the binary package in bullseye.
ghostscript:
- Determined that CVE-2024-46952 does not affect <= bullseye.
- Released DLA-3965-1, fixing CVE-2024-46951, CVE-2024-46953,
CVE-2024-46955 and CVE-2024-46956.
glib2.0:
-
I've worked during November 2024 on the below listed packages, for
Freexian LTS/ELTS [1]
Many thanks to Freexian and sponsors [2] for providing this opportunity!
smarty3 (DLA-3956-1, ELA-1237-1)
Fixed three CVEs for smarty3, a PHP templating engine.
CVE-2018-2504
Hi everyone,
in October I worked on dnsmasq in bullseye, manually verifying via the proof of
concept provided by the original security researchers that the patches applied
previous month fix the security issues. During the LTS review process some
smaller issues were identified and changed, and
During the month of November 2024 and on behalf of Freexian, I worked on the
following:
opensc
--
Kept backporting more fixes for known vulnerabilities, notably
CVE-2023-5992, CVE-2023-40660 and CVE-2023-40661, but didn't upload yet
as more security issues need to be fixed first. Work is ongoin
In November 2024 I've worked on the below listed packages for
Freexian LTS/ELTS [1].
Many thanks to Freexian and our sponsors [2] for providing this opportunity!
LTS:
- python-aiohttp/bullseye
- started investigating
ELTS:
- runc/buster
- Postpone CVE-2024-45310 (minor issue).
- runc/st
I've worked during November 2023 on the below listed packages, for Freexian
LTS/ELTS [1]
Many thanks to Freexian and our sponsors [2] for providing this opportunity!
ELTS:
The work consisted of fixing libreoffice both for stretch and jessie.
I have fixed CVE-2020-12801 CVE-2020-12802 CVE-2020
Hi everyone,
I spent time on samba, and will hopefully be able to resume work on it beginning
of next week.
Regards,
Lee Garrett,
Debian LTS Team
LTS:
trafficserver:
- Released DLA-3645-1, fixing CVE-2023-41752 and CVE-2023-44487.
galera-3:
- Determined that CVE-2023-5157 in galera-4 does not affect galera-3.
gimp:
- Released DLA-3659-1, fixing CVE-2022-30067, CVE-2023-2
and CVE-2023-4.
- Determined that CVE-2023-3 does not
I've worked during November 2023 on the below listed packages, for
Freexian LTS/ELTS [1]
Many thanks to Freexian and sponsors [2] for providing this opportunity!
LTS:
freerdp2: (DLA-3654-1)
Third time is a charm. After tackling it in September and October,
with DLA-3606-1 fixing a lo
I've worked during November 2023 on the below listed packages, for Freexian
LTS/ELTS [1]
Many thanks to Freexian and our sponsors [2] for providing this opportunity!
ELTS:
python3.5
---
Following previous month's work, I have finished fixing the testsuite, by
regenerating certifica
During the month of November 2023 and on behalf of Freexian, I worked on the
following:
opensc
--
Uploaded 0.19.0-1+deb10u3 and issued DLA-3668-1
https://lists.debian.org/msgid-search/?m=zwpsqzcsk_2as...@debian.org
* CVE-2023-40660: Potential PIN bypass. The bypass was removed and
exp
Hi,
in November 2022, on behalf of Freexian and through my company velocitux
UG, I have worked on the following LTS tasks:
DLA-3180-1: python-scciclient security update
=
Fixed CVE-2022-2996 for missing TLS certificate verification. Also,
helped to pre
During the month of November, I spent 17h on LTS working on
- remove no-dsa tags script
- udisks2
- security-tracker improvements
- CVE triaging
- mbedtls
For ELTS, I spent 14h working on
- remove no-dsa tags script
- update-nvd sec-tracker checks
- udisks2
- jqueryui
- openjdk-7
- CVE triaging
Hours worked:
62 hours
DLAs released:
DLA-2828-1 libvorbis
CVE-2017-14160 CVE-2018-10392 CVE-2018-10393
DLA-2829-1 libvpx
CVE-2020-0034
DLA-2830-1 tar
CVE-2018-20482
DLA-2831-1 libntlm
CVE-2019-17455
DLA-2832-1 opensc
CVE-2019-15945 CVE-2019-15946 CVE-2019-19479 CVE-2020-26570
CVE-2020-26571
hi,
in December 2020 I spent 3.5h managing (E)LTS contributors:
- dispatching work hours for LTS and ELTS
- preparing the monthly Freexian blog post published on raphaelhertzog.com
- mail and irc communication, incl.
- semi-automatic unclaim packages
- too many claimed packages
- missing DL
Hi,
During the last month I have spent 22.75h on LTS working on:
- thunderbird security updates
- libproxy security update
- security-tracker improvements
- firefox-esr security update
- drupal7 announcements
- lts meeting
- postgresql-9.6 announcement
- xorg-server security update
- preparation
LTS:
Hours worked:
13 hours
DLA 2452 libdatetime-timezone-perl
Updated timezone data
DLA 2462 cimg
CVE-2020-25693
DLA 2472 mutt
CVE-2020-28896
DLA 2473 vips
CVE-2020-20739
ELTS:
Hours worked:
2 hours
libdatetime-timezone-perl
Updated timezone data
November was my 33rd month as a Debian LTS paid contributor. I had a
total of 12 hours. I've spent all of them for the following,
* 1 week of LTS front desk
* lxml: Fixed CVE-2018-19787 CVE-2020-27783, tested and uploaded[1]
* spice-vdagent:
hi,
in November 2020 I spent 8h managing (E)LTS contributors:
- dispatching work hours for LTS and ELTS
- preparing, running and post-processing the monthly team meeting on IRC
- preparing the monthly Freexian blog post published on raphaelhertzog.com
- mail and irc communication, incl.
- semi
Hours worked:
18 hours
Work done:
DLA 1698-2 file regression update
DLA 2017-1 asterisk CVE-2019-18610 CVE-2019-18790
DLA 2018-1 proftpd-dfsg CVE-2019-19269
Hi,
During the month of November I worked on the Thunderbird update after the
toolchain update work for Firefox ESR 68 made that possible. I also spent time
working on build fixes for Firefox (on armhf for jessie, as well as various
other issues on stretch). Those will also benefit Thunderbird. Th
November was my 21st month as a Debian LTS paid contributor. I was
assigned 8 hours and I spent all of them for the following:
* libssh2: Fixed CVE-2019-17498, tested and uploaded. DLA[1]
* slurm-lnll: Backported a huge part of CVE-2019-12838, CV
Hi,
In November, I spent 38h in Debian LTS, on the following tasks:
Finished the rustc and cargo bootstrap, which allowed to update firefox-esr and
thunderbird. There was a problem with rustc on i386, which I investigated and
finally fixed, allowing firefox-esr/thunderbird to build there too. The
Hi,
In November I was allocated 4h and I spent all of them doing the following:
* uriparser: Fixed CVE-2018-19198, CVE-2018-19199 and CVE-2018-19200.
The DLA was properly sent [1].
* qemu: Tested the update provided by Santiago.
* rails: Mark CVE-2018-16476 as not-affected in Jessie.
[1] https
November 2018 marked my 10th month as a Debian LTS paid contributor.
Also this is my first report as a Debian Developer. I didn't allocate
any hours for this month as I had 13 hours pending from last month and
I spent all of them on the following:
Hi,
Last month I worked 14.5h on LTS, which I spent doing the following:
- firefox-esr update
- xorg-server update
- openjdk-7 update (this took longer than normal due to a bootstrap failure
which I tried to fix, but in the end decided to disable the bootstrap build,
which triggered another build
For November I spent 32.5 hours on the following:
- Documentation on reproducing bugs with ASAN
- tomcat7: regression update
- graphicsmagick: CVE-2017-16669, CVE-2017-13134, CVE-2016-16547;
prepared package update
- imagemagick: CVE-2017-16546; prepared package update
- tiff/tiff3: CVE-2017-993
Hi,
For November, I had 11 hours allocated. I unfortunately wasn't able to
free up enough time to do all my hours. I have spent around 4 hours on
various tasks, including some triage of libxml2, ntp, openssl and tiff
issues. I have also spent a significant amount of time working on
clarifying the
Hi,
In this month I was allocated 11h, which I spent doing the following:
- DLA-700-1: libxslt: fixed heap overread bug
- DLA-702-1: tzdata: updated for the 2016i release
- DLA-703-1: libdatetime-timezone-perl: updated for the 2016i release
- DLA-704-1: openjdk-7: backported version in experiment
For November I had available 11 hours. I spent them on the following
tasks:
* imagemagick: multiple issues: I backported fixes for all remaining
issues, resolved numerous unit test failures resulting from several
of the patches, and posted a candidate package for review and testing;
an uplo
Hi,
November 2016 was my third month as a paid Debian LTS contributor.
I was allocated 11 hours. I spent all of them in CVE triage for Xen.
Longer explanation:
It has been reported by Guido Günther that Xen before v4.4.0-1 embeds
a copy of QEMU 0.10.2. Xen has version 4.1.4 in wheezy, so it is
This month I was allocated 11 hours.
I used 11 hours in which I worked on the following:
* Triaged kde-runtime's CVE-2016-7787 further and found that it can't
cause problems on wheezy. As a fruit of the triaging I provided a
patch for kdesudo, which is affected, too, in sid and jessie.
* [DL