April Report

2016-04-27 Thread Brian May
In April 2016, my second month as a debian-lts contributor, I was allocated 10 hours and I used all the 10 hours. In this time I did the following: - Released security update of imagemagick to wheezy-security. - Lots of work on libav and dependencies of libav. - Created private signed repository

April report

2017-04-19 Thread Brian May
Brian May writes: This month I had 10 hours and I spent my 10 hours on the following tasks: * XBMC CVE-2017-5982. This is slow going due to time taken to build different versions. I found that *all* versions of xbmc/kodi are vulnerable, and (contrary to some websites) there is no upstream fi

April Report

2017-05-02 Thread Hugo Lefeuvre
Hi, April 2017 was my eighth month as a paid Debian LTS contributor. I was allocated 15.5 hours. I spent all of them doing the following tasks: * Prepare, test and upload a security update for potrace (1.10-1+deb7u2) fixing CVE-2016-8685. * Prepare, test and upload a security update for part

april report

2018-04-19 Thread Antoine Beaupré
Hi, An early report as I've run out of hours sooner than expected... * frontdesk: one week of triage and a discussion about postponed packages and calibre maintenance and review. I also reviewed the ruby work later on and looked at the Firebird package * qemu: triaged out CVE-2018-78

April Report

2018-05-06 Thread Hugo Lefeuvre
Hi, April 2018 was my 20th month as a paid Debian LTS contributor. I was allocated 20.5 hours. I have spent all of them on the following tasks: * Continue my Ming work: - Finish preparing the patch for ming issue #121, test it and get it merged. Also ask for a CVE number. (2.5h) - Prepare,

Re: April report

2017-04-19 Thread Antoine Beaupré
On 2017-04-19 19:05:36, Brian May wrote: [...] > As I have run out of hours this month, if anybody else wants to take > over either of these, please let me know and I will provide more > details. I'd take a look at the XBMC thing... a. -- L'adversaire d'une vraie liberté est un désir excessif

Re: April report

2017-04-19 Thread Markus Koschany
Am 19.04.2017 um 11:05 schrieb Brian May: > Brian May writes: [...] > * Heimdal CVE-2017-6594. Prepared initial patch for Wheezy/Stretch > release before it was publicly announced, although found it was > missing a hunk. This has been corrected in the official release. > > The fix applies c

Re: April report

2017-04-19 Thread Brian May
Antoine Beaupré writes: > On 2017-04-19 19:05:36, Brian May wrote: > > [...] > >> As I have run out of hours this month, if anybody else wants to take >> over either of these, please let me know and I will provide more >> details. > > I'd take a look at the XBMC thing... The webserver is in xbmc

Re: April report

2017-04-19 Thread Brian May
Markus Koschany writes: > Since you are also the maintainer of Heimdal, do you intend to upload > the fix to Wheezy this month? I just got a response from the security team on this. They feel it isn't a serious issue, because not many people use Kerberos in multi-realm mode. So they have suggeste

Re: April report

2017-04-22 Thread Brian May
Brian May writes: > Hence I don't consider this urgent either, however I do plan to do this. An update: I have mostly applied the patch in git, for Jessie (I imagine any good patch for Jessie will work as is on Wheezy). ssh://git.debian.org/git/collab-maint/heimdal.git - debian/jessie branch H

Re: April report

2017-04-25 Thread Antoine Beaupré
On 2017-04-20 08:08:50, Brian May wrote: > Antoine Beaupré writes: > >> On 2017-04-19 19:05:36, Brian May wrote: >> >> [...] >> >>> As I have run out of hours this month, if anybody else wants to take >>> over either of these, please let me know and I will provide more >>> details. >> >> I'd take

Re: April report

2017-04-25 Thread Brian May
On 2017-04-26 12:03, Antoine Beaupré wrote: > For the record, I haven't *quite* figured out how to extract the data > from my own Kodi instance at home, running 16.1 from backports. The /vfs > trick doesn't work, nor the /image/image trick from the advisory - but > god knows what's possible at thi

Re: April report

2017-05-03 Thread Brian May
Antoine Beaupré writes: >> Case (a), URL prefixed with "/vfs", we return the result of >> CreateFileDownloadResponse(). The first 5 characters are removed - so >> if "/vfs/" prefixed it strips the entire prefix - but curiously doesn't >> check the 5th character. So /vfss would also get stripped.

Re: April report

2017-05-05 Thread Brian May
Brian May writes: > An update: I have mostly applied the patch in git, for Jessie (I imagine > any good patch for Jessie will work as is on Wheezy). > > ssh://git.debian.org/git/collab-maint/heimdal.git - debian/jessie branch > > However currently having test failures. The tests refer me to: > >

Re: April report

2017-05-05 Thread Brian May
Brian May writes: > I have continued looking at this, but now getting anywhere. The Jessie Correction: "not getting anywhere". -- Brian May

Re: April report

2017-05-08 Thread Brian May
I am just about to untake xbmc. I don't think it makes sense to continue. Upstream bug report: https://trac.kodi.tv/ticket/17314 This issue, and the lack of response to the upstream bug report, clearly makes me think upstream is not serious about security issues. As such I think this webserver (a