In August 2019, I worked on the Debian LTS project for 24 hours (of 24.75 hours planned) and on the Debian ELTS project for another 2 hours (of 12 hours planned) as a paid contributor.
LTS Work
- Upload fusiondirectory 1.0.8.2-5+deb8u2 to jessie-security (1 CVE, DLA 1875-1 [1])
- Upload gosa 2.7.4+reloaded2+deb8u4 to jessie-security (1 CVE, DLA 1876-1 [2])
- Upload gosa 2.7.4+reloaded2+deb8u5 to jessie-security (1 CVE, DLA 1905-1 [3])
- Upload libav 6:11.12-1~deb8u8 to jessie-security (5 CVEs, DLA 1907-1 [4])
- Investigate on CVE-2019-13627 (libgcrypt20). Upstream patch applies, build succeeds, but some tests fail. More work required on this.
- Triage 14 packages with my LTS frontdesk hat on during the last week of August
- Do a second pair of eyes review on changes uploaded with dovecot 1:2.2.13-12~deb8u7
- File a merge request against security-tracker [5], add --minor option to contact-maintainers script.
ELTS Work
- Investigate on CVE-2019-13627 (libgcrypt11). More work needed to assess if libgcrypt11 in wheezy is affected by CVE-2019-13627.
References
- [1] https://lists.debian.org/debian-lts-announce/2019/08/msg00008.html
- [2] https://lists.debian.org/debian-lts-announce/2019/08/msg00009.html
- [3] https://lists.debian.org/debian-lts-announce/2019/08/msg00039.html
- [4] https://lists.debian.org/debian-lts-announce/2019/09/msg00000.html
- [5] https://salsa.debian.org/security-tracker-team/security-tracker/merge_re...