-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 July 2018 was my sixth month as a Debian LTS paid contributor. I was assigned 12 hours (10 plus 2 hours carried from last month).
I have spent these hours on; * ant: Backported CVE-2018-10886, TEMP-0904191-9063D5 tested and released DLA[1][2]. Thanks to Roberto C. Sánchez for uploading. * policykit-1: Backported CVE-2018-1116 from upstream and tested. Thanks to Chris Lamb for uploading and releasing DLA[3]. * ansible: Marked CVE-2018-10874 as not-affected and CVE-2018-10875 as no-dsa. * libspring-java: Triaging the remaining CVEs. Pending fixes will be uploaded in coming days. * twig: Working on CVE-2018-13818. Contacted the exploit author for the POC clarity. - --Abhijith PA [1] - https://lists.debian.org/debian-lts-announce/2018/07/msg00023.html [2] - https://lists.debian.org/debian-lts-announce/2018/08/msg00004.html [3] - https://lists.debian.org/debian-lts-announce/2018/07/msg00042.html -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEE7xPqJqaY/zX9fJAuhj1N8u2cKO8FAltrf1sACgkQhj1N8u2c KO80rg//WiqYRgz7VFGieFIvsiUSp9RfnM9W7HRoVPhsgLcTLP/fbv+N2L9lE8jb Uuzf/vbu8Gn7Qm3zRuNEkdixE5rOjykclKkv3klXEIS65SNLDlv7tu0cH0OILNtA Tp1f77Wsi8vTTf7tV2dcLUMAO6at0dfJHjEwNfyR5FaWB1X6h30sDrPvZK8Za47Q jdkK5haAOjyS/1nq+LFt/2kp0XN5dPGXIXUqNmoHP5BkKpqLlpkIXTE4woDVhc4+ 0qKsGP450/Igrqx+eu0ZhvYNb4rKyF41u6AEmoEGI12KHJ0LhFDroYls41BTXv/b adJasopgD7vwRgsk/x+18OEQQBt1EBOTxcIIA9Tiexmp5C1l1RJTgxNkLk/fKmy0 /NhPOGWfTOTWLjh0nQ/mw0b6awCEB5PTDSvoW81oQP1Oe/5frGDtUcmh4a/KJ+Dd 7hHKE1yxHxNoJlyTgXqnaydT/HnN8mhKrYuoneju1CpyD4facyWr8Kyh6Gg8caWS 7ekNSqf5ybSkN6Od2gRt2VLSTZ5QM0CCyzIBUQ9jRTcKg4Meg7cflYLeZT5Iig9/ A+z0SBiSFYo6yhDWmLTMY2Djnf+/rC8Y/EkCPYOCro37KNhXrO9XOh8PmayABBqH gd/kRszaSJKceID/eKWg9tBT6UvzXziKTJ7xMJSTbmJFfXz7kP0= =Z3uA -----END PGP SIGNATURE-----