In August 2020, I have worked on the Debian LTS project for 16 hours (of 8 hours planned, plus another 8 hours that I carried over from July).
For ELTS, I have worked for another 8 hours (of 8 hours planned).
LTS Work
- LTS frontdesk: triage wireshark, yubico-piv-tool, trousers, software-properties, qt4-x11, qtbase-opensource-src, openexr, netty and netty-3.9
- upload to stretch-security: libvncserver 0.9.11+dfsg-1.3~deb9u5 (fixing 9 CVEs, DLA-2347-1 [1])
- upload to stretch-security: php-horde-core 2.27.6+debian1-2+deb9u1 (1 CVE, DLA-2348 [2])
- upload to stretch-security: php-horde 5.2.13+debian0-1+deb9u3 (fixing 1 CVE, DLA-2349-1 [3])
- upload to stretch-security: php-horde-kronolith 4.2.19-1+deb9u1 (fixing 1 CVE, DLA-2350-1 [4])
- upload to stretch-security: php-horde-kronolith 4.2.19-1+deb9u2 (fixing 1 more CVE, DLA-2351-1 [5])
- upload to stretch-security: php-horde-gollem 3.0.10-1+deb9u2 (fixing 1 CVE, DLA-2352-1 [6])
- upload to stretch-security: freerdp 1.1.0~git20140921.1.440916e+dfsg1-13+deb9u4 (fixing 14 CVEs, DLA-2356-1 [7])
- prepare salsa MRs for gnome-shell (for gnome-shell in stretch [8] and buster [9])
ELTS Work
- Look into open CVEs for Samba in Debian jessie ELTS. Revisit issues affecting the Samba AD code that have previously been considered as issues.
Other security related work for Debian
- upload to buster (SRU): libvncserver 0.9.11+dfsg-1.3+deb10u4 (fixing 9 CVEs) [10]
References
- [1] https://lists.debian.org/debian-lts-announce/2020/08/msg00045.html
- [2] https://lists.debian.org/debian-lts-announce/2020/08/msg00047.html
- [3] https://lists.debian.org/debian-lts-announce/2020/08/msg00046.html
- [4] https://lists.debian.org/debian-lts-announce/2020/08/msg00048.html
- [5] https://lists.debian.org/debian-lts-announce/2020/08/msg00049.html
- [6] https://lists.debian.org/debian-lts-announce/2020/08/msg00050.html
- [7] https://lists.debian.org/debian-lts-announce/2020/08/msg00054.html
- [8] https://salsa.debian.org/gnome-team/gnome-shell/-/merge_requests/40
- [9] https://salsa.debian.org/gnome-team/gnome-shell/-/merge_requests/41
- [10] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=969190