January report
Hi, January 2017 was my fifth month as a payed Debian LTS contributor. I was allocated 15.25 hours. I spent all of them doing the following tasks: * CVE triage work, review patches and reproduce security issues for libav. * Test and upload a security update for libav (0.8.19-0+deb7u1). * Prepare, test and upload a security update for botan1.10 (botan1.10_1.10.5-1+deb7u2). * Prepare a security upload for potrace, not uploaded yet. Fixing the issue turned out to be harder than it seemed to be, because the Stretch patch doesn't fix the issue (completely). Moreover the issue is only present with optimization flags, making debugging harder. * Test and upload a security update for libav (0.8.20-0+deb7u1). * Pursue my CVE triage work for Xen. Investigate to find security relevant parts of QEMU in Xen. This work is not public anymore, I plan to publish it as soon as possible in the ML. Cheers, Hugo -- Hugo Lefeuvre (hle)|www.owl.eu.com 4096/ ACB7 B67F 197F 9B32 1533 431C AC90 AC3E C524 065E signature.asc Description: PGP signature
Re: Wheezy update of xrdp?
Hi, > >> the Debian LTS team would like to fix the security issues which are > >> currently open in the Wheezy version of xrdp: > >> https://security-tracker.debian.org/tracker/source-package/xrdp > >> > >> Would you like to take care of this yourself? > > > > I will use this as a chance to retreat from Christmas celebrations at > > some point this weekend ;). > > Do you still plan fixing the issue? Yes. I have started work on it again. There were a few nasty issues backporting the fix to xrdp 0.6.1 (for jessie-security), which I wanted to do first. Cheers, Nik -- PGP-Fingerprint: 3C9D 54A4 7575 C026 FB17 FD26 B79A 3C16 A0C4 F296 Dominik George · Hundeshagenstr. 26 · 53225 Bonn Mobile: +49-1520-1981389 · https://www.dominik-george.de/ Teckids e.V. · FrOSCon e.V. Fellowship of the FSFE · Piratenpartei Deutschland Opencaching Deutschland e.V. · Debian Maintainer LPIC-3 Linux Enterprise Professional (Security) signature.asc Description: PGP signature
Firefox 45
It doesn't work satisfying because of curios behavior to different URI. Especially when calling debian because of wrong certificates. This is really XAB. Firefoe now has 51, 45 seems to be too old too. What's wrong with these certificates? TOR-browser can't be used because of presuming 32 bit machine when it is an 64-bit one. Any idea?