My Work on Debian LTS (September 2018)

In September 2018, I did 10 hours of work on the Debian LTS project as a paid contributor. Thanks to all LTS sponsors for making this possible.

This is my list of work done in September 2018:

  • Upload of polarssl (DLA 1518-1) [1].
  • Work on CVE-2018-16831 discovered in the smarty3 package. Plan (A) was to backport latest smarty3 release to Debian stretch and jessie, but runtime tests against GOsa² (one of the PHP applications that utilize smarty3) already failed for Debian stretch. So, this plan was dropped. Plan (B) then was extracting a patch [2] for fixing this issue in Debian stretch's smarty3 package version from a manifold of upstream code changes; finally with the realization that smarty3 in Debian jessie is very likely not affected. Upstream feedback is still pending, upload(s) will occur in the coming week (first week of Octobre).

light+love
Mike

References

[1] https://lists.debian.org/debian-lts-announce/2018/09/msg00029.html

[2] https://salsa.debian.org/debian/smarty3/commit/8a1eb21b7c4d971149e76cd2b...