Hi, during December I worked 13.5 of the allocated 13.5 hours (11h + 2.5h from previous months) on LTS. During this time I did the following:
* libvorbis: The plan was to get this resolved in December but although the fixes for CVE-2017-14632 and CVE-2017-14633 were applied upstream now my patch for CVE-2017-14160 is still without comments and I'm not yet sure about the root cause. So I spent some more time on this but will have to look into this again in January.
* Triaged 4 QEMU CVEs and marked them as postponed since they can be updated when more serious issues pile up.
* Triaged some XEN CVEs and handled the communication with Credativ.
* Tested lts-bts script again and committed it to the secure-testing repository (since nobody objected).
* Prepared and released DLA-1221-1 and DLA-1222-1 fixing CVE-2017-17405 and CVE-2017-17790 in ruby1.8 and ruby1.9.1.
* Prepared and released DLA-1223-1 to fix several issues in Thunderbird formerly known as Icedove.
* Updated some LTS related scripts to continue to work after the security-tracker's SVN→Git migration and helped Salvatore a bit with the actual migration (although most of this was done on non-LTS time).

Cheers,
 -- Guido
