LTS report for September 2018 - Abhijith PA

[Abhijith PA]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512


September 2018 was my 8th month as a Debian LTS paid contributor. I was
assigned 15 (10 + 5 hours carried from last month) hours but I only
able to do 11. I am carrying rest to next month.

I have spent these hours on;

 * mupdf: investigated CVE-2018-16647, CVE-2018-16648. Though codebase
   look almost similar. Couldn't reproduce given POC and marked as
   ignored.

 * sympa: Fixed CVE-2018-1000671 and released DLA[1].

 * activemq: Investigated on CVE-2018-11775, which was about enabling
   SSL and backporting such feature to very old codebase seems hard.
   Thus marked as no-dsa.

 * otrs2: Fixed CVE-2018-16586, CVE-2018-16587 and released DLA[2].

 * mgetty: Just released DLA[3] for the update prepared and uploaded by
   Andreas Barth.

 * strongswan: Fixed CVE-2018-16151, CVE-2018-16152 and released DLA[4].

 * jekyll: Prepared update for CVE-2018-17567.


Thanks to Markus Koschany and Roberto C. Sánchez for uploading the fixes
.


Regards.
Abhijith PA

[1]- https://lists.debian.org/debian-lts-announce/2018/09/msg00023.html
[2]- https://lists.debian.org/debian-lts-announce/2018/09/msg00033.html
[3]- https://lists.debian.org/debian-lts-announce/2018/09/msg00012.html
[4]- https://lists.debian.org/debian-lts-announce/2018/09/msg00032.html
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEE7xPqJqaY/zX9fJAuhj1N8u2cKO8FAlu6LFEACgkQhj1N8u2c
KO+aVA/9EaS9OqRdHVsSOhiT7xK+Lva7ErUI6NkeNgTTIJy4Iis8sUdzGEV39WjV
TYPfi88EtV/DlRanEpt4jWMU2zPK6GbUOJdml1KL1OZ5XoHXQwkD/luhg9woSdjO
b6P9PAxgRjE1uFrpHwkezmovWFAwhg8WLXwuxFbmQVGr8LMHsyJAzKSYDEL4YnrO
x7x2OcPcBn7NIfnsqt3/v1vnk+TeNqy7WJOjy//3YXQ2A5emGL9ATe4fTCfVpnXP
YGf4pDLJITXoJcTutMCUQQOVFo/ovK1EgmNOuaubuUJ7dj0JvffZMm5LkedhjLBC
BIpeLOQLATeuvU/AraU0wYxePaB6BcP/0QtW7bUI80PWbsALPugCgF81DvsSS7z2
MW0NcVsTRnyv3P7snNJS9J6XHGGY0cOhoyGsH4d1wcmZ3ZZKwbdYFVn2FVY4zRxW
mEi5P5Eukxz99Ic2Py26IqZeE6mNkjRSK38rfnHX94T7xm0tvgAmYR0cpKey+IBL
9MAvdYtkl3XhrwxpdKe7LXHFf418A3W58B6TPJt2jFOAopek8dqVUcGEreN2Ko2i
M34WN2q1vOYuJpASYDapHeIs9oUVxafhsyfV1r2FxvWAbg+3pdB+qa/ND9pdCJIA
zso3SQUqn6BBhE/OYM4ak8BeGxyufmwz/M+GH7waQvBB952aOH8=
=jOXc
-----END PGP SIGNATURE-----