Hi, Here is my LTS report for December.
I was allocated 20 hours. I have spent all of them in the following tasks: * libsndfile: + investigate CVE-2018-19432 and show it is a duplicate of CVE-2018-13139. Do not ask for CVE rejection though since issues have different symptoms/paths and seem to be (legitimately) registered under different categories. + investigate CVE-2018-19661, CVE-2018-19662, CVE-2017-17456 and CVE-2017-17457, show that they are not duplicates, prepare a patch addressing these issues and get it reviewed by upstream (was merged in master). + investigate CVE-2017-14245 and CVE-2017-14246 and show they are duplicates of CVE-2017-17457 and CVE-2017-17456. Ask for CVE rejection. + prepare security update addressing CVE-2018-13139, CVE-2018-19432 CVE-2017-8365, CVE-2017-8363, CVE-2017-8362, CVE-2017-8361, CVE-2017-14634, CVE-2017-17457, CVE-2017-17456, CVE-2017-14246, CVE-2017-14245, CVE-2018-19662 and CVE-2018-19661. Test and publish it (DLA 1618-1). + take a look at CVE-2018-19758, report bug on upstream bug tracker (was only tracked on redhat's bug tracker) and start investigating the issue. * openjpeg2: + finish my patch for CVE-2018-6616 and get it reviewed by upstream (was merged in master). + find patch for CVE-2018-14423, update the tracker. + prepare security update shipping previous patches, test and upload it (DLA 1614-1). * tiff: + update my patch for CVE-2018-19210 according to upstream's review. The patch is still under review at the moment. + investigate undetermined issue CVE-2018-5360 and show it is a duplicate of older issue CVE-2014-8127. Ask for CVE rejection. * sleuthkit: + prepare a security update addressing CVE-2018-19497, test and upload it (DLA-1610-1). * graphicsmagick: + Investigate CVE-2018-20184, come with a trimmed down version of upstream patch. + Prepare test and upload a security update addressing CVE-2018-20184, CVE-2018-20185 and CVE-2018-20189 (DLA 1619-1). Best Regards, Hugo -- Hugo Lefeuvre (hle) | www.owl.eu.com RSA4096_ 360B 03B3 BF27 4F4D 7A3F D5E8 14AA 1EB8 A247 3DFD ed25519_ 37B2 6D38 0B25 B8A2 6B9F 3A65 A36F 5357 5F2D DC4C
Description: PGP signature