After some nice family vacation in Scandinavia, I did six hours of work on the Debian LTS project as a paid contributor at the end of this month. Thanks to all LTS sponsors for making this possible.
This is my list of work done in August 2018:
- Research phpldapadmin (CVE-2018-12689) [1], overhead from July 2018, upload is still to come (planned for the coming week)
- Upload of 389-ds-base (DLA 1483-1)
- Upload of spice (DLA 1486-1).
The patch that has been proposed by upstream to fix CVE-2018-10873 has been controversially discussed [2].
Please refer to my review comment in the package's patch file for my reasoning [3] behind accepting upstream's patch for the fix of this package in Debian LTS. - Upload of spice-gtk (DLA 1489-1).
- Fix a corner case flaw in the gen-DLA (and gen-DSA) script [4].
light+love
Mike
References
[1] https://lists.debian.org/debian-lts/2018/07/msg00123.html
[2] http://www.openwall.com/lists/oss-security/2018/08/17/4 (follow thread)