Hi, November 2016 was my third month as a payed Debian LTS contributor.
I was allocated 11 hours. I spent all of them in CVE triage for Xen. Longer explanation: It has been reported by Guido Günter that Xen before v4.4.0-1 embeds a copy of QEMU 0.10.2. Xen has version 4.1.4 in wheezy, so it is potentially vulnerable to all security issues affecting QEMU in the last years. I have written a script to determine which security issues had to be triaged (roughly 160 security issues involved) and triaged 120 of them. 45 issues turned out to be affecting Xen in wheezy. Cheers, Hugo -- Hugo Lefeuvre (hle) | www.owl.eu.com 4096/ ACB7 B67F 197F 9B32 1533 431C AC90 AC3E C524 065E
Description: PGP signature