My Work on Debian LTS/ELTS (February 2019)

In February 2019, I have worked on the Debian LTS project for 6 hours (of originally planned 10 hours) and on the Debian ELTS project for another 6 hours as a paid contributor. The non-worked 4 LTS hours I will carry over into March 2019.

LTS Work

  • Upload and announce FreeRDP security fixes and RDP v6 / CredSSP v3 proto updates (DLA-1666-1 [1])

ELTS + LTS Work (shared hours)

  • Chew on OpenSSH security fixes. Esp. CVE-2019-6111 caused me headaches with the final result that the said fix for CVE-2019-6111 did not fix it entirely. See Debian bug #923486 [2].

CVE-2019-6111 has already been amended fully now in Debian unstable's and stable's version of OpenSSH. For jessie LTS a fixed version will be provided within the next couple of days.