-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 February was my 36th month as a Debian LTS paid contributor. I had a total of 19h (assigned and carried from last month). I spent all of them for the following;
* python-pysaml2: Fixed CVE-2017-1000433, CVE-2021-21239. Marked CVE-2021-21238 as ignored[1]. Kept other issues as it is due to invasive changes. DLA 2577-1[2]. * spip: Fixed TEMP-0000000-803658[3]. Backported all related patches from buster. DLA 2579-1[4]. * mqtt-client: Included mqtt-client in CVE-2019-0222. Fixed and released DLA 2582-1[5] * activemq: Fixed CVE-2017-15709 CVE-2018-11775 CVE-2019-0222 CVE-2021-26117. Thanks to Markus for testing the build. DLA 2583-1[6] * libcaca: Fixed CVE-2021-3410. Tested against PoC[7]. DLA 2584-1[8] * jackson-dataformat-cbor: Marked CVE-2020-28491 as no-dsa though fixes are backported patch and tests are adjusted. Patch[9] * 01/03 - 07/03, 1 week of front desk duty. Regards Abhijith PA [1] - https://security-tracker.debian.org/tracker/CVE-2021-21238 [2] - https://lists.debian.org/debian-lts-announce/2021/02/msg00038.html [3] - https://security-tracker.debian.org/tracker/TEMP-0000000-803658 [4] - https://lists.debian.org/debian-lts-announce/2021/03/msg00001.html [5] - https://lists.debian.org/debian-lts-announce/2021/03/msg00004.html [6] - https://lists.debian.org/debian-lts-announce/2021/03/msg00005.html [7] - https://bugzilla.redhat.com/attachment.cgi?id=1756895 [8] - https://lists.debian.org/debian-lts-announce/2021/03/msg00006.html [9] - https://people.debian.org/~abhijith/CVE-2020-28491.txt -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEE7xPqJqaY/zX9fJAuhj1N8u2cKO8FAmBGZ6QACgkQhj1N8u2c KO8N2g/8CSoPZuwVMs2u1j6xVLsaqf7S3UMJgC2BlH+XxOUs8Eyl2buh3WQDzMuY 8Y/kjzJHSggANy/vPLJ4JEhOBCveSElPx4xNpokz/2EO1rY6oxZ1vjZdDkewd22o URNbkAwNZOn6fN3KUK2unCg2MyCtpbquxvs6G3RBM+09x7FGsVZ3xCj5OhpHTTT9 if4QDpdZvCZ9L06b51NHBJtUs/dMboL9q5PFT2DlTboWBHEhqCgdv2UVuNIg23J+ T2gzuYSNJbEoaMZRMp5cSSCi4+jt/OmfN9Aj3ZLnQWJfUz5BNHMNJj5xhQYb0nup tsQiOtwmv+GUW/26t1uJVl0PK84Zt32hgnyYH4AcqXDmpIXCPFwAxKwem/B+tjmG ElY8/OVi2s7oNC9/JerrFE+Q/oN7I4YNe37khyMBcFgBTxDC2P81EG18992DjQ8l QZFKweKlh8Jk8rHTrvivGbkjv11/BNaKaK7YAhB7qylsQwP+MeVx0i2sg6TJMzS5 yqhDLH5v8GnMUiFRp3df1KUI8Ktmb3z5pXGEHq/ldxR5sNlg/WIXHN6rgWqLaMpT Js0g0s3EmOwLzlefuT7thNE4VE81P2lwNegeHSjv9MYrQrSvQWvjSbaDK1JohsUF H1WkyzT32PY8wMoWAM2fHZYMQUT+/QT9HvA900qQ+hxxyPqOgXQ= =KZi8 -----END PGP SIGNATURE-----