Hi, Here is my LTS report for January.
I was allocated 20 hours. I have spent all of them in the following tasks: * libsndfile: + Analyse upstream patch for CVE-2018-19758. Prepare, test and upload security update addressing this issue (DLA-1632-1) * qemu: + Investigate CVE-2018-19665, produce a trimmed down version of upstream patch. Not uploaded yet, I am still discussing what I consider to be issues in the patch, and Philippe Mathieu-Daudé from RedHat is planning to release an updated version soon. + Prepare, test and upload a security update addressing CVE-2018-17958, CVE-2018-19489 and CVE-2018-19364 (DLA-1646-1) * aria2: + Analyse, reproduce CVE-2019-3500, backport patch, test and upload it (DLA-1636-1) * libpng: + Analyse CVE-2019-6129 and mark it ignored, see my post on upstream's bug report. * openjpeg2: + Analyse CVE-2018-5727 and mark it <ignored> in jessie. After discussion with the security team decide to mark it unimportant in all suites. * tmpreaper: + Analyse CVE-2019-3461, backport stretch update to jessie (DLA-1640-1) * phpmyadmin: + review lucas' update, issues in table creation. * faad2: + start working on patches. Nothing online yet, this is likely to take a few weeks since there are many issues and patches have to be written from scratch. Best Regards, Hugo  https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=916278  https://lists.debian.org/debian-lts/2019/01/msg00071.html -- Hugo Lefeuvre (hle) | www.owl.eu.com RSA4096_ 360B 03B3 BF27 4F4D 7A3F D5E8 14AA 1EB8 A247 3DFD ed25519_ 37B2 6D38 0B25 B8A2 6B9F 3A65 A36F 5357 5F2D DC4C
Description: PGP signature