In September 2024 I've worked on the below listed packages for Freexian
LTS/ELTS [1].
Many thanks to Freexian and our sponsors [2] for providing this opportunity!
LTS:
- ruby-sinatra/bullseye
- Released DLA-3877-1 fixing CVE-2022-45442 and CVE-2022-29970.
ELTS:
- db5.3/buster
- Helped wi
Hi,
Here is my September 2024 report for the Freexian LTS/ELTS initiative [1].
Many thanks to Freexian and sponsors [2] for providing this opportunity.
This month I was able to backport clamav 1.0.x to Buster (other packages
required updates). The packages were not uploaded to the ELTS archive
I've worked during September 2024 on the below listed packages, for
Freexian LTS/ELTS [1]
Many thanks to Freexian and sponsors [2] for providing this opportunity!
firmware-nonfree (ELA-1179-1)
=
(As already announced in August), at that time still WIP, the upload
upda
LTS:
booth:
- Released DLA-3894-1, fixing CVE-2024-3049.
- Provided the package for DSA-5777-1, fixing CVE-2024-3049
in bookworm.
nghttp2:
- Released DLA-3898-1, fixing CVE-2024-28182.
- Submitted a package fixing CVE-2024-28182 in the next bookworm
point release.
php-twig:
- Released DLA-38
During the month of September 2024 and on behalf of Freexian, I worked on the
following:
dovecot
---
Uploaded 1:2.3.13+dfsg1-2+deb11u2 and issued DLA-3860-1.
https://lists.debian.org/msgid-search/?m=ztxjlvofwoqm2...@debian.org
* CVE-2024-23184: Having a large number of address headers (Fro
DLAs released:
DLA-3593-1 gerbv
CVE-2021-40393 CVE-2021-40394 CVE-2023-4508
DLA-3595-1 trafficserver
CVE-2022-47185 CVE-2023-33934
ELAs released:
ELA-942-2 qpdf (stretch)
regression update
ELA-972-1 exempi (stretch)
CVE-2020-18651 CVE-2020-18652
ELA-974-1 ghostscript (jessie+stretch)
CVE-202
Hi everyone,
in September I tested and released DLA 3563-1 for samba.
In the process, I filed and followed up on several bugs related to sending
signed mails to Debian mailing lists (#1050906, #1050915, #1051941, #1051943) [0].
I also discussed with the Debian samba maintainer the idea of mov
I've worked during September 2023 on the below listed packages, for
Freexian LTS/ELTS [1]
Many thanks to Freexian and sponsors [2] for providing this opportunity!
ELTS:
zabbix - ELA-945-1, ELA-957-1
After zabbix has been released in August for buster (DLA-3538-1), I've
continued to wor
During the month of September 2023 and on behalf of Freexian, I worked on the
following:
php7.3
--
Uploaded 7.3.31-1~deb10u5 and issued DLA-3555-1
https://lists.debian.org/msgid-search/?m=zpexm9jokfktz...@debian.org
* CVE-2023-3823: Security issue with external entity loading in XML
wi
I've worked during September 2023 on the below listed packages, for Freexian
LTS/ELTS [1]
Many thanks to Freexian and our sponsors [2] for providing this opportunity!
ELTS:
My work this month was concentrated on libreoffice. This a huge package (with a
lot of line of code), that take a lo
Hi,
in September 2022, on behalf of Freexian and through my company velocitux
UG, I have worked on the following (E)LTS tasks:
ELA-xxx-1: freerdp
==
Did a lot of triaging work for all the open issues, aligning them with
freerdp in Debian stable and sid, and working out how to bac
hi,
in September 2021 I spent 3h managing (E)LTS contributors and coordinating
hand-over of my activities to Jeremiah:
- dispatch work hours for LTS and ELTS
- mail and irc communication, incl.
- semi-automatic unclaim packages
- too many claimed packages
- missing DLAs on www.d.o
- coord
Hi,
Here are my Free Software activities for September.
September was spent working on a Freexian funded project and other
administrative duties. The funded project seems quite important to Free
Software as it essentially removes dependency on a build tool that can't
be used in Debian. Other
LTS Hours worked:
19.5 hours
DLA 2770-1 weechat
CVE-2020-8955 CVE-2020-9759 CVE-2020-9760 CVE-2021-40516
DLA 2771-1 krb5
CVE-2018-5729 CVE-2018-5730 CVE-2018-20217 CVE-2021-37750
DLA 2772-1 taglib
CVE-2017-12678 CVE-2018-11439
ELTS hours worked:
3 hours
ELA-489-1 weechat
CVE-2021-40516
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
September was my 31st month as a Debian LTS paid contributor. I had a
total of 14 hours. I spent 12h and I am carrying rest to next month.
* qemu: Continued work from last month. Uploaded and released DLA[1]
* inspircd: Fixed CVE-2019-20917, CVE-
Hours worked:
14 hours
DLAs released:
DLA-2376-1 qtbase-opensource-src
CVE-2018-19872 CVE-2020-17507
DLA-2377-1 qt4-x11
CVE-2018-15518 CVE-2018-19869 CVE-2018-19870 CVE-2018-19871
CVE-2018-19872 CVE-2018-19873 CVE-2020-17507
DLA-2388-1 nss
CVE-2018-12404 CVE-2018-18508 CVE-2019-11719 CVE-2019-1
hi,
in September I spent 5h managing (E)LTS contributors:
- dispatching work hours for LTS and ELTS
- preparing, running and participating in the monthly team meeting
- preparing the monthly Freexian blog post published on raphaelhertzog.com
- mail and irc communication, incl.
- semi-automatic
Hi,
During the month of September I have spent 19.75h on the following tasks:
- security-tracker MRs
- thunderbird regression update
- libx11 security update
- Lots of work to get ready for the Firefox & Thunderbird ESR 78 updates, with
the ESR 68 branch going end-of-life on September 22nd with
Hi,
During the month of September I spent 30 hours on the following tasks:
- firefox ESR 60 update
- thunderbird ESR 60 update
- ghostscript update
- firefox ESR 68 preparations for jessie and stretch (LLVM 7, cargo, rust,
cbindgen, nasm, nodejs)
As for ELTS I spent 4 hours on frontdesk triage.
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
( Re-sending the report )
September 2018 was my 8th month as a Debian LTS paid contributor. I was
assigned 15 (10 + 5 hours carried from last month) hours but I only
able to do 11. I am carrying rest to next month.
I have spent these hours on;
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
September 2018 was my 8th month as a Debian LTS paid contributor. I was
assigned 15 (10 + 5 hours carried from last month) hours but I only
able to do 11. I am carrying rest to next month.
I have spent these hours on;
* mupdf: investigated CVE-20
Hi,
Last month I spent 27h doing the following:
- gdk-pixbuf update
- libgd2 update
- jbig2dec: upstream claimed that this was already fixed. Investigated the claim
and verified that this was indeed fixed with a previous security update that was
already in all supported releases
- apache2 update
For September I spent 10 hours on the following:
- tiff/tiff3: prepared tiff 4.0.2-6+deb7u16 and tiff3 3.9.6-11+deb7u8
covering CVE-2017-11335, CVE-2017-13726, CVE-2017-13727, and
CVE-2017-12944
- imagemagick: prepared 8:6.7.7.10-5+deb7u16, covering 24 CVEs; also
identified 7 CVEs which
In September I spent 10 hours on the following tasks:
* Research security issues in various packages, such as Asterisk and
samplesamplphp.
* Reproduce CVE-2017-14103 in graphicsmagic on Wheezy, Stretch, and
Unstable. Note that stretch and Unstable are marked as fixed, but I am
not entirely c
September was my fourth month as a debian-lts contributor. I was
allocated 12.25 hours in addition to the 7.25 hours not used in the
previous month.
I used 15 hours in which I worked on the following:
* Was responsible for LTS frontdesk for the first time triaging several
security issues which
thanks to all for the work!
September 2016 was my first month as a payed Debian LTS contributor.
I was allocated 12 hours. I have spent 12 hours doing the following tasks:
[...]
Pol
Hi,
September 2016 was my first month as a payed Debian LTS contributor.
I was allocated 12 hours. I have spent 12 hours doing the following tasks:
* Prepared, tested and uploaded a security update for qemu and qemu-kvm fixing
CVE-2016-7116. Related DLAs: DLA-618-1, DLA-619-1
* Prepared a s
Hi,
September 2016 was my first month as a payed Debian LTS Team member.
After doing two small uploads to wheezy-security in August and got to
know the LTS Team workflow, this month I was allocated 9 hours by
Freexian. I spent all 9 hours on working on security updates to Debian
Wheezy.
In partic
For September I had available 15.75 hours (some left over from August).
I spent 14 hours on the following tasks:
* CVE-2016-6293: Final ICU package build/upload for update prepared at
the end of August and publish DLA
* Reviewed and improved Brian May's Debian Security Tracker notes added
to h
29 matches
Mail list logo
