For September I spent 15 hours on the following LTS tasks: - qemu: triage/investigate CVE-2017-11334, CVE-2018-12617, CVE-2018-15746 (all were deferred) - ghostscript: CVE-2018-16543 (I made an attempt at a fix but ended up turning it back over to Markus, who was able to complete a fix) - php5: CVE-2018-17082 (prepared an update from the new upstream release 5.6.38) - sympa: review and upload an update for CVE-2018-1000671 by Abhijith PA - imagemagick: CVE-2018-16329, CVE-2018-16412, CVE-2018-16413, CVE-2018-16642, CVE-2018-14551, CVE-2018-16643 (there are still more CVEs to address in the next upload; I will continue working on those)
I also spent 16 hours on the following ELTS tasks: - mupdf: triage/investigate CVE-2018-16647, CVE-2018-16648 (both were N/A) - openssh: CVE-2018-15473, prepared an update and a regression update following reports of problems with the initial update - lcms/lcms2: CVE-2018-16435, prepared updates for both packages - php5: CVE-2018-17082, backported patch from 5.6.38 and prepared update - nss: CVE-2018-12384, backported upstream patch and now waiting on upstream bug to become public for access to a reproducer to confirm the fix Regards, -Roberto -- Roberto C. Sánchez