[re-sending report, was not properly archived] Hi,
Here is my (E)LTS report for September. --- LTS I was allocated 10 hours. I have spent all of them in the following tasks: * 389-ds work: Triage CVE-2018-14638, not affecting Jessie. Investigate CVE-2018-14624, which affects Jessie. Backport patch, test and upload it. * openjpeg2 work: Reproduce and investigate CVE-2018-5785, write a patch, get feedback from upstream (patch was merged in the master) and backport it for Jessie. Not uploaded yet, this patch will be included in a more substancial upload this month. ---- ELTS I was allocated 6 hours. I have spent 2.75 of them in the following tasks: * tiff3 work: Mark CVE-2018-17101, CVE-2018-17100 and CVE-2018-17000 <ignored>. Mark CVE-2018-15209 and CVE-2018-16335 <postponed> (I have tried to investigate the issues and develop a patch but couldn't reproduce the issues properly on my system. Also, I discovered that recent fixes made exploit and reproduction even harder. After spending some time on it I decided to just postpone them and wait for a patch from upstream). Best Regards, Hugo -- Hugo Lefeuvre (hle) | www.owl.eu.com RSA4096_ 360B 03B3 BF27 4F4D 7A3F D5E8 14AA 1EB8 A247 3DFD ed25519_ 37B2 6D38 0B25 B8A2 6B9F 3A65 A36F 5357 5F2D DC4C
signature.asc
Description: PGP signature