My Work on Debian LTS (May 2020)

In May 2020, I have worked on the Debian LTS project for 14.5 hours (of 14.5 hours planned).

LTS Work

  • Frontdesk: CVE bug triaging for Debian jessie LTS: exim4, cups, log4net, apt, openconnect, libexif, json-c, tomcat8, and graphicsmagick.
  • review and sponsor upload to jessie-security: libexif (DLA-2214-1 [1], 5 CVEs)
  • review and sponsor upload to jessie-security: libexif (DLA-2222-1 [2], 4 CVEs)
  • upload to jessie-security: json-c (DLA-2228-1 [3] and DLA-2228-2 [4], 1 CVE)
  • upload to jessie-security: php-horde-gollem (DLA-2228-1 [5], 1 CVE)
  • upload to jessie-security: php-horde (DLA-2280-1) [6], 1 CVE)
  • start looking into the current FreeRDP (v1.1) and FreeRDP (v2) CVE hell...

Other security related work for Debian

  • review and sponsor uploads of libexif to stretch, buster and unstable (8 CVE fixes for stretch, 5 CVE fixes for buster) [7]
  • revisit long overdue uploads of ssvnc to stretch and buster (4 CVE fixes each) [8]
  • upload php-horde-gollem to stretch and buster (1 CVE fix each) [9]
  • upload php-horde to stretch and buster (1 CVE fix each) [10]

Credits

  • Many thanks to Hugh McMaster for handling all the libexif security upload preparations himself. This was really good work. Hugh, please consider becoming a(n official) developer in the Debian project (at the very least you should aim at obtaining Debian Maintainer status).

References