(E)LTS report for January 2024

2024-02-03 Thread Tobias Frost
I've worked during January 2024 on the below listed packages, for Freexian LTS/ELTS [1] Many thanks to Freexian and sponsors [2] for providing this opportunity! LTS and ELTS - paramiko - CVE-2023-48795 Unfortunately only _after_ backporting the patch for CVE-2023-48795 (terrapin) and fighting

Debian LTS report for January 2024

2024-02-01 Thread Guilhem Moulin
During the month of January 2024 and on behalf of Freexian, I worked on the following: php-phpseclib - Uploaded 2.0.30-2~deb10u2 and issued DLA-3718-1 https://lists.debian.org/msgid-search/?m=zbhgvxygvemfp...@debian.org * CVE-2023-48795: Terrapin attack phpseclib -

(E)?LTS report for january

2024-02-01 Thread Bastien Roucariès
I've worked during January on the below listed packages, for Freexian LTS/ELTS [1] Many thanks to Freexian and our sponsors [2] for providing this opportunity! ELTS: tinyxml -- Fix CVE-2023-34194 and release ELA-1029-1. Note that this project is dead upstream, but a fork seems

Debian LTS report for January 2023

2023-02-20 Thread Lee Garrett
In January I worked on the following issues for apache2: - CVE-2006-20001 - CVE-2022-36760 - CVE-2022-37436 (WIP) Thanks to the sponsors for financing this work, and to Freexian for coordinating! Regards, Lee

LTS report for January 2023

2023-02-03 Thread Adrian Bunk
DLAs released: DLA-3292-1 sofia-sip CVE-2023-22741 DLA-3304-1 fig2dev CVE-2020-21529 CVE-2020-21531 CVE-2020-21532 CVE-2020-21676 CVE-2021-32280 DLA-3305-1 libstb CVE-2018-16981 CVE-2019-13217 CVE-2019-13218 CVE-2019-13219 CVE-2019-13220 CVE-2019-13221 CVE-2019-13222 CVE-2019-13223

Debian LTS report for January 2023

2023-02-01 Thread Guilhem Moulin
During the month of January 2023 and on behalf of Freexian, I worked on the following: * DLA-3270-1: net-snmp 5.7.3+dfsg-5+deb10u4 CVE-2022-44793 and CVE-2022-44792 https://lists.debian.org/msgid-search/Y8Nreff/4mms8...@debian.org * DLA-3271-1: node-minimatch 3.0.4-3+deb10u1

(E)LTS report for January 2023

2023-01-31 Thread Tobias Frost
I've worked during January 2023 on the below listed packages, for Freexian LTS/ELTS [1] Many thanks to Freexian and our sponsors [2] for providing this opportunity! LTS: - liapreq2: DLA-3269-1 (CVE-2022-22728) - libde265: DLA-3260-1 (see ELA for CVE list) - modsecurity-apache: DLA-3280-1

(E)LTS report for January

2022-02-14 Thread Emilio Pozuelo Monfort
Hi, During the month of January I worked on the following tasks for stretch LTS: - thunderbird 91 ESR update - thunderbird armhf failure - clamav security update - gdal security update - firefox-esr security update - thunderbird security update - pillow security update - openjdk-8 security

LTS report for January 2022 - Abhijith PA

2022-01-29 Thread Abhijith PA
Hello, For January I had 5 hours remaining from last month. I spent all of them for: * libraw: There were 28 open CVEs. Marked 6 among those as not-affected. Fixed 22 CVEs, tested and uploaded [DLA 2903-1] Regards Abhijith [DLA 2903-1] -

LTS report for January 2021 - Abhijith PA

2021-02-09 Thread Abhijith PA
January was my 35th month as a Debian LTS paid contributor. I had a total of 28h. I've spent only 9h and carrying remaining hours to next month. * spice-vdagent: Fixed CVE-2017-15108 CVE-2020-25650 CVE-2020-25651 CVE-2020-25652 CVE-2020-25653, tested and uploaded[1]. Also preparing

(E)LTS report for January 2021

2021-02-02 Thread Holger Levsen
hi, in January 2021 I spent 6.5h managing (E)LTS contributors: - dispatching work hours for LTS and ELTS - preparing the monthly Freexian blog post published on raphaelhertzog.com - prepare and run the monthly team meeting on irc - mail and irc communication, incl. - semi-automatic unclaim

LTS report for January 2021

2021-01-31 Thread Adrian Bunk
Hours worked: 14 hours DLA-2513 p11-kit CVE-2020-29361 CVE-2020-29362 DLA-2514 flac CVE-2017-6888 CVE-2020-0499 DLA-2538 mariadb-10.1 CVE-2020-14765 CVE-2020-14812 wireshark - will be released on 6.2.2021 after 2.6.20-0+deb10u1 with the same changes is in the buster point release

(E)LTS report for January

2020-02-11 Thread Emilio Pozuelo Monfort
Hi, During January I spent 8 hours on LTS updating firefox, thunderbird, and firefox again, as well as fixing some problems with the VM. As for ELTS I spent 1.5h doing triaging work. Cheers, Emilio

LTS report for January 2020 - Abhijith PA

2020-02-08 Thread Abhijith PA
[Sorry for the late report. I was caught up in FOSDEM and ruby sprint] January was my 23rd month as a Debian LTS paid contributor. I was assigned 14 hours. I was only able to spend 10 hours and I gave back the rest to the pool. * gthumb: Fixed

LTS report for January 2020

2020-02-01 Thread Dylan Aïssi
Hi, January was my 1st month as a Debian LTS paid contributor. I was assigned 8 hours and I spent 6.5 hours for the following: transfig: + Fixed CVE-2018-16140, CVE-2019-14275, CVE-2019-19555, tested, uploaded and released DLA. + Investigate CVE-2019-19746 and CVE-2019-19797, but they were not

(E)LTS report for January

2019-02-07 Thread Emilio Pozuelo Monfort
Hi, During the month of January, I spent 42.5 hours working on LTS on the following tasks: - thunderbird 60.4.0 ESR security update - tzdata and libdatetime-timezone-perl new releases - investigated symfony test failures - policykit-1 security update - investigated lua vulnerability, which

LTS report for January

2019-02-04 Thread Antoine Beaupré
Hello, Here's my report for January. ## sbuild regression My first stop this month was to notice a problem with sbuild from buster running on jessie chroots ([bug #920227][]). After discussions on IRC, where fellow Debian Developers basically fabricated me a patch on the fly, I sent [merge

LTS report for January 2019

2019-02-04 Thread Lucas Kanashiro
Hi, In January I was allocated 4h and I carried 1h from December, and I spent the 5h doing the following: * phpmyadmin: - Backported patches to fix CVE-2018-19968 and CVE-2018-19970, tested them and uploaded the updated package. The DLA was properly sent [1]. - Initial attempt to triage

LTS report for January 2019 - Abhijith PA

2019-02-02 Thread Abhijith PA
January 2019 was my 12th month as a Debian LTS paid contributor. I was assigned 12 hours and I spent all of them for the following: * libraw: There are 29 vulnerabilities reported against libraw. Almost all of them are results of fuzz testing. Marked CVE-2017-14348, CVE-2018-20337,

LTS report for January

2018-02-24 Thread Emilio Pozuelo Monfort
Hi, (Sorry for the late report) Last month I worked 9 hours on LTS. I spent that time on: - CVE triaging - gdk-pixbuf: investigated regression, and update - transmission testing and sponsorship - mysql-5.5 update - firefox-esr update Cheers, Emilio

LTS report for January

2017-03-05 Thread Balint Reczey
This month I was allocated 13 hours and carried over 1.25 hours from January. I used 13 hours in which I worked on the following: * [DLA 824-1] libevent security update Fixed wheezy and also adopted the package and fixed jessie and unstable * [DLA 838-1] shadow security update * [DLA

LTS report for January

2017-02-09 Thread Balint Reczey
This month I was allocated 12.75 hours and carried over 2.5 hours from December. I used 14 hours in which I worked on the following: * [DLA 799-1] ming security update Last month I have prepared several fixes which have been accepted since then. This month I have uploaded the package with

LTS Report for January 2017

2017-02-02 Thread Roberto C . Sánchez
For January I spent 12.5 hours as follows: * php5: multiple issues - CVE-2016-7125, CVE-2016-9137, CVE-2016-9138: researched and documented non-applicable or already fixed issues - CVE-2016-3141: picked up Raphaël's work in progress and based on his notes integrated/backported an

LTS report for January

2017-01-31 Thread Emilio Pozuelo Monfort
Hi, This month I was allocated 12.75h (plus 2.5h carried from last month). I spent this time doing the following: - DLA 684-2: libx11 regression update - DLA 784-1: gcc-mozilla new package - DLA 800-1: firefox-esr security update - DLA 801-1: libxpm security update - DLA 802-1: openjdk-7