-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 March 2019 was my 14th month as a Debian LTS paid contributor. I was assigned 14 hours and I spend all of them for the following:
* otrs: Fixed CVE-2019-9752, tested and uploaded[1] * wordpress: New version uploaded to fix CVE-2019-8942, CVE-2019-9787 and released DLA[2]. Backporting fixes are not an option for wordpress. No neat description regarding the fixes nor reply from upstream developers. * ruby2.1: Fixed couple of vulnerabilities in the rubygems in ruby2.1 and released DLA[3] * mumble: regression reported[4]. A new build was made which maintainer helped in testing with researcher's PoC but still susceptible to DoS. Will prepare an update with latest version in its point release. * jruby: the same rubygems vulnerability also affects in jruby. Currently jruby in jessie is FTBFS. Working on fixing it and remaining issues. Regards Abhijith PA [1] - https://lists.debian.org/debian-lts-announce/2019/03/msg00023.html [2] - https://lists.debian.org/debian-lts-announce/2019/03/msg00044.html [3] - https://lists.debian.org/debian-lts-announce/2019/03/msg00037.html [4] - https://github.com/mumble-voip/mumble/issues/3605 -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEE7xPqJqaY/zX9fJAuhj1N8u2cKO8FAlynZ54ACgkQhj1N8u2c KO80HBAAhFUErKF8TJdYvow4ZVRzMSSwoTN3hKOEdrn4tpEepOskvf4thcw+vSlH sSSSMskLOfy1DKQYbjNE/p3NFg3+/Nam7oOzGoC026NlfuankJJ6QVkSQ+3npFmi qqAwj3JKs0wvSvH6N4DN8awYRszO4HYUoWhelCMpm+nEwXngr7eOnBgezHFZcVwG qqgxyOgMfdcePMF3h6db0IbxBJLplEJfo3Xjpiz6yp6whfyQynQk6apfJpSlKoXF TtiVt8zCcdwXFQcMvj0j+x/1lKHpVafH0Hd7CrLfT1IGoVUFi2p0+LXArEPA8sB1 WZIb5kZIqPTJNe/iAoqfoLPPhdAZoNd0AznAmfqru5Z1hUzyANW6FlxcNrqm13wU IY9Fk8syybJM5O6TAMFe/aTSanzKtHdR3IGoE0A79Z3ybK+Qshyodqpb+8wDQbAu ydXSLs4ntohE1DwcJXMHbfdAvXoFmmCqoPxTE0sOv/9N95lX7ADkuQOrmAeqB99r 4VRiNHni0ZtFO0OAjtAZUiith6b62P3CossVUgoVH2ErFCPwhL6sNhbsAjYC+EFT zzVebGvKITWw7aBE9UaKRggHVCPozFER0iUEMnaDOUhk78fl0fBGdR75G17WwQsY AGKez9TRzUeicM1RhmvhJlz0OZyaS2rAbTHwrgf+nmDoFELjJ7U= =51fL -----END PGP SIGNATURE-----
