LTS:
glibc:
- Released DLA-3807-1, fixing CVE-2024-2961.
- Fixed and enabled the build tests and autopkgtest.
gst-plugins-base1.0:
- Released DLA-3824-1, fixing CVE-2024-4453.
libkf5ksieve:
- Released DLA-3809-1, fixing CVE-2023-52723.
ELTS:
glibc:
- Released ELA-1087-11, fixing
I've worked during May 2024 on the below listed packages, for
Freexian LTS/ELTS [1]
Many thanks to Freexian and sponsors [2] for providing this opportunity!
ELTS and LTS:
gnutls28 (ELA-1090-1)
=
This involved a lot of triaging and some verdicts were that the version
in
Hi,
This is my first month as a (E)LTS contributor since 2019, it is good to
be back :)
This month I spent some time going through documentation and setting up
my work environment, and the rest of my time I worked on the analysis of
the ClamAV 1.0.x backport to (E)LTS releases, namely
Hi everyone,
in April I reviewed Bastien's apache2 security update for jessie and stretch. In
the process I also updated the ftf ansible repo to produce VM images compatible
with autopkgtest in qemu mode.
I also started on updating ansible in bullseye, however was not able finish it
yet due
LTS:
glibc:
- First part of work released as DLA-3807-1 in May.
gtkwave:
- DLA-3785-1 and DSA-5653-1 were released in April,
but the actual work was done and submitted for review in March.
pillow:
- Determined that CVE-2021-25291 does not affect buster.
- Released DLA-3786-1, fixing
Hi everyone,
in April I fixed the remaining changes of the samba packaging repo migration. It
turned out the issue was a mix of patches-applied and patches-unapplied quilt
usage with gbp, which caused seemingly unrelated build errors as symptom.
I also worked on ansible(-core), where I
I've worked during March 2024 on the below listed packages, for
Freexian LTS/ELTS [1]
Many thanks to Freexian and sponsors [2] for providing this opportunity!
ELTS and LTS:
expat (ELTS)
Last month I've woCVE-2023-5242rked on expat for LTS, and the work continued
for ELTS -
I've worked during april on the below listed packages, for Freexian
LTS/ELTS [1]
Many thanks to Freexian and our sponsors [2] for providing this opportunity!
LTS
===
Putty
I have tested putty against terrapin and released DLA 3794-1
Fix of CVE-2024-31497 are proposed and wait review
LTS:
cpio:
- Added note that upstream considers CVE-2023-7216 (sole unfixed CVE)
normal behavior.
fontforge:
- Released DLA-3754-1, fixing CVE-2020-5395, CVE-2020-5496,
CVE-2024-25081 and CVE-2024-25082.
- Fixed CVE-2024-25081 and CVE-2024-25082 in sid.
- Fixed CVE-2024-25081 and
I've worked during March 2024 on the below listed packages, for
Freexian LTS/ELTS [1]
Many thanks to Freexian and sponsors [2] for providing this opportunity!
ELTS and LTS:
nss (DLA 3757-1, ELA-1054-1)
Completed testing on nss and uploaded the package to LTS
LTS:
gsoap:
- Released DLA-3745-1, fixing CVE-2020-13574, CVE-2020-13575,
CVE-2020-13576, CVE-2020-13577 and CVE-2020-13578.
wireshark:
- Determined that CVE-2023-2906/wireshark does not affect <= buster.
- Determined that CVE-2023-5371 does not affect <= bullseye.
- Determined that
I've worked during february on the below listed packages, for Freexian
LTS/ELTS [1]
Many thanks to Freexian and our sponsors [2] for providing this opportunity!
LTS
===
sudo
---
I have released DLA 3732-1, following previous month work.
Ansible
--
Following previous month work, I
I've worked during February 2024 on the below listed packages, for
Freexian LTS/ELTS [1]
Many thanks to Freexian and sponsors [2] for providing this opportunity!
ELTS and LTS:
nss (WIP)
=
nss has currently three (buster) and four (jessie,stretch) open
vulnerabilties. Some of the
I've worked during January 2024 on the below listed packages, for
Freexian LTS/ELTS [1]
Many thanks to Freexian and sponsors [2] for providing this opportunity!
LTS and ELTS - paramiko - CVE-2023-48795
Unfortunatly only _after_ backporting the patch for CVE-2023-48795
(terrapin) and fighting
I've worked during january on the below listed packages, for Freexian
LTS/ELTS [1]
Many thanks to Freexian and our sponsors [2] for providing this opportunity!
ELTS:
tinyxml
--
Fix CVE-2023-34194 and release ELA-1029-1.
Note that this project is dead upstram, but a fork seems
LTS:
curl:
- Determined that CVE-2022-32207 does not affect <= buster.
- Found and documented a regression in CVE-2023-27534.
- CVE-2022-32207 does not affect <= buster
- Released DLA 3692-1, fixing CVE-2023-28322 and CVE-2023-46218,
also including 2 non-security fixes from contributors.
I've worked during December 2023 on the below listed packages, for
Freexian LTS/ELTS [1]
Many thanks to Freexian and sponsors [2] for providing this opportunity!
opendkim - DLA-3680-1
(This is ELA-1017-1, but for buster)
On mentors.d.n a RFS caught my eyes; the package maintainer has
worked
Le mardi 2 janvier 2024, 14:53:22 UTC Bastien Roucariès a écrit :
Hi,
Obviously the report should be read for decembre 2023
> I've worked during november 2023 on the below listed packages, for Freexian
> LTS/ELTS [1]
>
> Many thanks to Freexian and our sponsors [2] for providing this
I've worked during november 2023 on the below listed packages, for Freexian
LTS/ELTS [1]
Many thanks to Freexian and our sponsors [2] for providing this opportunity!
ELTS:
The work consisted to fix libreoffice both for stretch and jessie.
I have fixed CVE-2020-12801 CVE-2020-12802
LTS:
trafficserver:
- Released DLA-3645-1, fixing CVE-2023-41752 and CVE-2023-44487.
galera-3:
- Determined that CVE-2023-5157 in galera-4 does not affect galera-3.
gimp:
- Released DLA-3659-1, fixing CVE-2022-30067, CVE-2023-2
and CVE-2023-4.
- Determined that CVE-2023-3 does
I've worked during November 2023 on the below listed packages, for
Freexian LTS/ELTS [1]
Many thanks to Freexian and sponsors [2] for providing this opportunity!
LTS:
freerdp2: (DLA-3654-1)
Third time is a charme. After tackling it in September and October,
with DLA-3606-1 fixing a
I've worked during november 2023 on the below listed packages, for Freexian
LTS/ELTS [1]
Many thanks to Freexian and our sponsors [2] for providing this opportunity!
ELTS:
python3.5
---
Folowing previous month work, I have finalized to fix testsuite, by
regenerating
LTS:
poppler:
- Confirmed that CVE-2020-18839 is a duplicate of CVE-2020-27778
- Released DLA-3620-1, fixing CVE-2020-23804 CVE-2022-37050 CVE-2022-37051
- PoCs for all 3 CVEs were confirmed to be present in the unfixed
version and fixed in the fixed version
krb:
- Released DLA-3626-1, fixing
Hi everyone,
In October I published the initial version of ftf (functional test framework)
and fixed many things thanks to Santiago's feedback. It is now published at
https://gitlab.com/lgarrett/ftf.
I also spent time continuing work on samba, triaging the remaining CVEs and
preparing an
I've worked during October 2023 on the below listed packages, for
Freexian LTS/ELTS [1]
Many thanks to Freexian and sponsors [2] for providing this opportunity!
ELTS:
firmware-nonfree - ELA-981-1
This was a contiunation of DLA-3596-1, which I've released in September,
this time for
I've worked during September 2023 on the below listed packages, for Freexian
LTS/ELTS [1]
Many thanks to Freexian and our sponsors [2] for providing this opportunity!
LTS
===
prometheus-alertmanager
---
I have released DLA 3609-1 following fixes from
DLAs released:
DLA-3593-1 gerbv
CVE-2021-40393 CVE-2021-40394 CVE-2023-4508
DLA-3595-1 trafficserver
CVE-2022-47185 CVE-2023-33934
ELAs released:
ELA-942-2 qpdf (stretch)
regression update
ELA-972-1 exempi (stretch)
CVE-2020-18651 CVE-2020-18652
ELA-974-1 ghostscript (jessie+stretch)
I've worked during September 2023 on the below listed packages, for
Freexian LTS/ELTS [1]
Many thanks to Freexian and sponsors [2] for providing this opportunity!
ELTS:
zabbix - ELA-945-1, ELA-957-1
After zabbix has been released in August for buster (DLA-3538-1), I've
continued to
I've worked during September 2023 on the below listed packages, for Freexian
LTS/ELTS [1]
Many thanks to Freexian and our sponsors [2] for providing this opportunity!
ELTS:
My work this month was concentrated on libreoffice. This a huge package (with a
lot of line of code), that take a
On Sun, Sep 10, 2023 at 09:22:03PM +0300, Adrian Bunk wrote:
> DLAs released:
>...
> DLA-3552-1 gst-plugins-ugly1.0
> 2 vulnerabilities without CVE numbers assigned
>
>
> ELAs released:
>...
> ELA-941-1 gst-plugins-ugly1.0 (stretch)
> 2 vulnerabilities without CVE numbers assigned
>...
DLAs released:
DLA-3517-1 pdfcrack
CVE-2020-22336
DLA-3519-1 ghostscript
CVE-2023-38559
DLA-3528-1 poppler
CVE-2020-36023 CVE-2020-36024
DLA-3552-1 gst-plugins-ugly1.0
2 vulnerabilities without CVE numbers assigned
ELAs released:
ELA-928-1 poppler (jessie+stretch)
CVE-2020-36023
I've worked during July 2023 on the below listed packages, for Freexian
LTS/ELTS [1]
Many thanks to Freexian and sponsors [2] for providing this opportunity!
LTS:
zabbix - DLA-3538-1 (see advisory for details.)
A noteworthy change is for CVE-2013-7484, which changes the way
the
I've worked during August 2023 on the below listed packages, for Freexian
LTS/ELTS [1]
Many thanks to Freexian and our sponsors [2] for providing this opportunity!
LTS:
===
docker.io:
* Santiago is trying to test my release. Testing is especially complicated due
to lack of integration test
In July I worked on the samba testing framework, which can now provision
bootable Debian VMs effortlessy, and also Windows VMs with the correct guest
agents. I have also packaged rhsrvany [0] in the process.
The provisioning part of the test framework will also be useful for other
functional
DLAs released:
DLA-3497-1 pypdf2
CVE-2023-36810
DLA-3513-1 tiff
CVE-2023-2908 CVE-2023-3316 CVE-2023-3618 CVE-2023-25433
CVE-2023-26965 CVE-2023-26966 CVE-2023-38288 CVE-2023-38289
ELAs released:
ELA-893-1 pypdf2 (stretch)
CVE-2023-36810
ELA-909-1 tiff (jessie+stretch)
CVE-2023-2908
I've worked during July 2023 on the below listed packages, for Freexian
LTS/ELTS [1]
Many thanks to Freexian and our sponsors [2] for providing this opportunity!
LTS:
renderdoc: DLA-3501-1
- CVE-2023-33863, integer overflow possibly allowing RCE
- CVE-2023-33864, integer underflow,
I've worked during July 2023 on the below listed packages, for Freexian
LTS/ELTS [1]
Many thanks to Freexian and our sponsors [2] for providing this opportunity!
LTS:
docker.io:
* I have continued my work on docker.io and investigate FTBFS #1040141
linked to fallout of CVE-2022-39253.
DLAs released:
DLA-3443-1 wireshark
CVE-2023-2856 CVE-2023-2858 CVE-2023-2879 CVE-2023-2952
DLA 3445-1 cpio
CVE-2019-14866 CVE-2021-38185
DLA-3470-1 owslib
CVE-2023-27476
DLA-3472-1 libx11
CVE-2023-3138
DLA-3474-1 systemd
CVE-2022-3821
DLA-3475-1 trafficserver
CVE-2022-47184 CVE-2023-30631
I've worked during June 2023 on the below listed packages, for Freexian
LTS/ELTS [1]
Many thanks to Freexian and our sponsors [2] for providing this opportunity!
LTS:
nvidia-cuda-tools:
Triaging with the result that an update probably
does not make sense as fixed for CVEs are not
I've worked during May 2023 on the below listed packages, for Freexian
LTS/ELTS [1]
Many thanks to Freexian and our sponsors [2] for providing this opportunity!
non-packaging
=
continuing on "Forking repositories for the LTS namespace"
LTS:
nvidia-graphics-driver: Triaging
quot;Re: (E)LTS report for April 2023":
> > On Mon, May 01 2023 at 12:33:51 +0200, Tobias Frost scribbled
> > in "(E)LTS report for April 2023":
> > > I've worked during April 2023 on the below listed packages, for Freexian
> > > LTS/ELTS [1]
> &
On Wed, May 03 2023 at 17:51:20 +0100, Dameon Wagner scribbled
in "Re: (E)LTS report for April 2023":
> On Mon, May 01 2023 at 12:33:51 +0200, Tobias Frost scribbled
> in "(E)LTS report for April 2023":
> > I've worked during April 2023 on the below listed packag
On Mon, May 01 2023 at 12:33:51 +0200, Tobias Frost scribbled
in "(E)LTS report for April 2023":
> I've worked during April 2023 on the below listed packages, for Freexian
> LTS/ELTS [1]
> ELTS:
> =
>
> syslog-ng: ELA-832-1 for stretch and jessie (CVE-2022-
DLAs released:
DLA-3402-1 wireshark
CVE-2023-1161 CVE-2023-1992 CVE-2023-1993 CVE-2023-1994
DLA-3407-1 jackson-databind
CVE-2020-10650
DLA-3408-1 jruby
CVE-2017-17742 CVE-2019-16201 CVE-2019-16254 CVE-2019-16255
CVE-2020-25613 CVE-2021-31810 CVE-2021-32066 CVE-2023-28755
CVE-2023-28756
I've worked during April 2023 on the below listed packages, for Freexian
LTS/ELTS [1]
Many thanks to Freexian and our sponsors [2] for providing this opportunity!
non-packaging
=
preparing "Forking repositories for the LTS namespace"
LTS:
intel-mircocode: DLA-3379-1
I've worked during March 2023 on the below listed packages, for Freexian
LTS/ELTS [1]
Many thanks to Freexian and our sponsors [2] for providing this opportunity!
LTS:
libde265: DLA-3352-1 (10 CVEs, see ELA for details)
wireless-regdb: DLA-3356-1 (updating to newer version, for full
DLAs released:
DLA-3332-1 apr-util
CVE-2022-25147
DLA-3334-1 sofia-sip
CVE-2022-47516
DLA-3339-1 binwalk
CVE-2022-4510
DLA-3341-1 curl
CVE-2023-23916
DLA-3343-1 mono
CVE-2023-26314
A DLA for emacs was prepared, but is waiting for confirmation
that a regression that was discovered in
I've worked during February 2023 on the below listed packages, for Freexian
LTS/ELTS [1]
Many thanks to Freexian and our sponsors [2] for providing this opportunity!
LTS:
- wireshark/stretch: DLA-3313-1 (CVE-2022-4345 CVE-2023-0411
CVE-2023-0412 CVE-2023-0413 CVE-2023-0415 CVE-2023-0417)
I've worked during January 2023 on the below listed packages, for Freexian
LTS/ELTS [1]
Many thanks to Freexian and our sponsors [2] for providing this opportunity!
LTS:
- liapreq2: DLA-3269-1 (CVE-2022-22728)
- libde265: DLA-3260-1 (see ELA for CVE list)
- modsecurity-apache: DLA-3280-1
After completing on-boarding in November, I've worked during December
on the below listed packages, for Freexian LTS/ELTS [1]
Many thanks to Freexian and our sponsors [2] for providing this opportunity!
LTS:
- virglrenderer -- DLA 3232-1, fixing CVEs: CVE-2019-18388 CVE-2019-18389
Hi,
in November 2022, on behalf of Freexian and through my company velocitux
UG, I have worked on the following LTS tasks:
DLA-3180-1: python-scciclient security update
=
Fixed CVE-2022-2996 for missing TLS certificate verification. Also,
helped to
Hi,
in October 2022, on behalf of Freexian and through my company velocitux
UG, I have worked on the following (E)LTS tasks:
ELA-717-1: freerdp
==
Finished the upload of the update for freerdp after quite tiresome
backporting activites. FreeRDP 1 is a challenging package,
Hi,
in September 2022, on behalf of Freexian and through my company velocitux
UG, I have worked on the following (E)LTS tasks:
ELA-xxx-1: freerdp
==
Did a lot of triaging work for all the open issues, aligning them with
freerdp in Debian stable and sid, and working out how to
Hi,
in August 2022, on behalf of Freexian and through my company velocitux
UG, I have worked on the following (E)LTS tasks:
ELA-666-1: sqlite3
==
Backported some security fixes to jessie. This was quite
time-consuming while I had to sort out how to properly run the test
suite,
Hi,
Last month, I worked on LTS on:
- CVE triaging
- sec-tracker improvements
- connman
- firefox-esr
- openjdk-8
- pgbouncer
- zsh
- freecad
- thunderbird
- expat
For ELTS I worked on:
- CVE triaging
- security-tracker
- openjdk-8
- python3.4
- zsh
- usbredir
- expat
Cheers,
Emilio
Hi,
During the month of January I worked on the following tasks for stretch LTS:
- thunderbird 91 ESR update
- thunderbird armhf failure
- clamav security update
- gdal security update
- firefox-esr security update
- thunderbird security update
- pillow security update
- openjdk-8 security
Hi,
During December I spent 41.5h on LTS working on:
- security-tracker improvements (looking at issue in 8795311f)
- firefox-esr toolchain updates (cargo, cbindgen, as well as supporting Roberto
with LLVM and rust)
- firefox-esr update
- thunderbird update
- CVE triaging
I also spent 10h on
During the month of November, I spent 17h on LTS working on
- remove no-dsa tags script
- udisks2
- security-tracker improvements
- CVE triaging
- mbedtls
For ELTS, I spent 14h working on
- remove no-dsa tags script
- update-nvd sec-tracker checks
- udisks2
- jqueryui
- openjdk-7
- CVE
Hi,
Since my previous report I have spent 21.5h on LTS working on:
- triaging
- apache2
- firefox-esr
- thunderbird
- openjdk-8
- firefox-esr 91 preparations
- tzdata, libdatetime-timezone-perl
For ELTS I have spent 21h on:
- triaging
- apache2
- linux-4.9
- openjdk-7
- openjdk-8
- openjdk-7
hi,
in October 2021 I spent 1h coordinating the hand-over of my activities to
Jeremiah:
- mail and irc communication, incl.
- coordinating with Jeremiah
- explaining stuff to Jeremiah
I expect this was my last month as an active LTS contributor for the immediate
future. (However for now
hi,
in September 2021 I spent 3h managing (E)LTS contributors and coordinating
hand-over of my activities to Jeremiah:
- dispatch work hours for LTS and ELTS
- mail and irc communication, incl.
- semi-automatic unclaim packages
- too many claimed packages
- missing DLAs on www.d.o
-
LTS Hours worked:
19.5 hours
DLA 2770-1 weechat
CVE-2020-8955 CVE-2020-9759 CVE-2020-9760 CVE-2021-40516
DLA 2771-1 krb5
CVE-2018-5729 CVE-2018-5730 CVE-2018-20217 CVE-2021-37750
DLA 2772-1 taglib
CVE-2017-12678 CVE-2018-11439
ELTS hours worked:
3 hours
ELA-489-1 weechat
CVE-2021-40516
LTS Hours worked:
11 hours
DLA-2734-1 curl
CVE-2021-22898 CVE-2021-22924
Non-DLA LTS work:
- debugged ledger issue that caused non-zero leftover time
in past months
- fixed bin/give-back-hours when run in August/September
ELTS hours worked:
3 hours
ELA-470-1 curl
CVE-2021-22898
hi,
in August 2021 I spent 3h managing (E)LTS contributors:
- dispatch work hours for LTS and ELTS
- prepare the monthly Freexian blog post published on raphaelhertzog.com
- mail and irc communication, incl.
- semi-automatic unclaim packages
- too many claimed packages
- missing DLAs on
hi,
in June 2021 I spent 3.5h managing (E)LTS contributors:
- dispatch work hours for LTS and ELTS
- prepare the monthly Freexian blog post published on raphaelhertzog.com
- mail and irc communication, incl.
- semi-automatic unclaim packages
- too many claimed packages
- missing DLAs on
Hi,
During the month of June I spent 29h on LTS working on:
- triaging
- redmine security update
- webwml parser squeeze issue
- libx11 security update
- firefox-esr security update
- isc-dhcp security update
- caribou regression update
- thunderbird security update
- apache2 security update
-
hi,
in May 2021 I spent 5.5h managing (E)LTS contributors and onboarding
the new coordinator which in the end didn't work out, so I've been
resuming this role for the time being.
- dispatch work hours for LTS and ELTS
- mail and irc communication, incl.
- onboarding Lynoure, explaining my work
Hi,
Since my last report, I have spent 80h on LTS on the following tasks:
- familiarizing with triaging scripts
- CVE triaging
- openssl, openssl1.0
- firefox-esr security updates
- thunderbird security updates
- lxml regression fix
- xdg-utils
- openjdk-8 security updates
- tzdata and
hi,
in April 2021 I spent 10h managing (E)LTS contributors:
- dispatch work hours for LTS and ELTS
- prepare the monthly Freexian blog post published on raphaelhertzog.com
- participate in the monthly team meeting on jitsi
- mail and irc communication, incl.
- semi-automatic unclaim packages
hi,
in March 2021 I spent 6h managing (E)LTS contributors:
- dispatch work hours for LTS and ELTS
- prepare the monthly Freexian blog post published on raphaelhertzog.com
- prepare and run the monthly team meeting on irc
- mail and irc communication, incl.
- semi-automatic unclaim packages
-
hi,
in February 2021 I spent 6h managing (E)LTS contributors:
- dispatching work hours for LTS and ELTS
- preparing the monthly Freexian blog post published on raphaelhertzog.com
- partly participate in the monthly team meeting using nextcloud video
- mail and irc communication, incl.
-
hi,
in January 2021 I spent 6.5h managing (E)LTS contributors:
- dispatching work hours for LTS and ELTS
- preparing the monthly Freexian blog post published on raphaelhertzog.com
- prepare and run the monthly team meeting on irc
- mail and irc communication, incl.
- semi-automatic unclaim
hi,
in December 2020 I spent 3.5h managing (E)LTS contributors:
- dispatching work hours for LTS and ELTS
- preparing the monthly Freexian blog post published on raphaelhertzog.com
- mail and irc communication, incl.
- semi-automatic unclaim packages
- too many claimed packages
- missing
Hi,
During the last month I have spent 22.75h on LTS working on:
- thunderbird security updates
- libproxy security update
- security-tracker improvements
- firefox-esr security update
- drupal7 announcements
- lts meeting
- postgresql-9.6 announcement
- xorg-server security update
-
LTS:
Hours worked:
13 hours
DLA 2452 libdatetime-timezone-perl
Updated timezone data
DLA 2462 cimg
CVE-2020-25693
DLA 2472 mutt
CVE-2020-28896
DLA 2473 vips
CVE-2020-20739
ELTS:
Hours worked:
2 hours
libdatetime-timezone-perl
Updated timezone data
Hi,
During the month of October, I spent 20.75h on LTS:
- investigated and addressed security-tracker corruption
- golang-go.crypto analysis and advice
- thunderbird 78 ESR update
- investigated and fixed thunderbird armhf build failure
- investigated thunderbird l10n bug report
- mariadb-10.1
hi,
in October 2020 I spent 7h managing (E)LTS contributors:
- dispatching work hours for LTS and ELTS
- preparing and post-processing the monthly team meeting
- preparing the monthly Freexian blog post published on raphaelhertzog.com
- mail and irc communication, incl.
- semi-automatic
hi,
in September I spent 5h managing (E)LTS contributors:
- dispatching work hours for LTS and ELTS
- preparing, running and participating in the monthly team meeting
- preparing the monthly Freexian blog post published on raphaelhertzog.com
- mail and irc communication, incl.
- semi-automatic
Hi,
During the month of September I have spent 19.75h on the following tasks:
- security-tracker MRs
- thunderbird regression update
- libx11 security update
- Lots of work to get ready for the Firefox & Thunderbird ESR 78 updates, with
the ESR 68 branch going end-of-life on September 22nd
hi,
I August I spent 7h managing (E)LTS contributors for:
- dispatching work hours for LTS and ELTS
- mail and irc communication, incl.
- semi-automatic unclaim packages
- too many claimed packages
- missing DLAs on www.d.o
- issues of individual contributors
- preparing and
Hi,
During the month of August, I have spent 21.75h working on:
- clamav security update
- thunderbird 68.11 update
- libx11 security update
- gupnp security update, including finding a UAF (use-after-free) issue that led
to a server crash
- security-tracker improvements in the python3 work
-
hi,
I July I spent 10h managing (E)LTS contributors for:
- dispatching work hours for LTS and ELTS
- mail and irc communication, incl.
- semi-automatic unclaim packages
- too many claimed packages
- missing DLAs on www.d.o
- issues of individual contributors
- preparing and running the
Hi,
During this month I spent 60h on LTS working on:
- coordinating stretch-lts handover with various teams
- sent jessie EOL DLA, updated LTS/Using wiki page for stretch, improvements to
DLA template
- lts no-dsa script
- glib-networking update via opu, checked if balsa/stretch needed a
Hi,
During the month of June I spent 4h on LTS working on:
- reviewed stretch-lts MR
- prepared batik update
- CVE triaging
- started working on a lts no-dsa review script
As for ELTS I spent 9h working on:
- final changes to distro-config branch improvements, and deployment
- prepared batik
Hi,
During the last month I spent 19.5 hours on LTS working on the following:
- CVE triaging
- firefox-esr security update
- qemu security update
- thunderbird security update
- started to look at dak built-using problem
- icu security update
- started to backport bluez security issue to older
Hi,
During the month of February, I spent 29h on LTS on the following tasks:
- firefox-esr update
- thunderbird update
- clamav update
- spamassassin update
- missing webwml script improvements
- jackson-databind update
- python-reportlab update
- CVE triage
- python-pysaml2 update
- openjdk-7
Hi,
During January I spent 8 hours on LTS updating firefox, thunderbird, and firefox
again, as well as fixing some problems with the VM.
As for ELTS I spent 1.5h doing triaging work.
Cheers,
Emilio
Hi,
During the month of December, I spent 16.5h on LTS on the following tasks:
- firefox-esr update
- thunderbird update
- spamassasin update
- libssh update
- preparing and testing ibus and glib2.0 (there was a regression update on
stretch so I'm being careful here)
For ELTS I only spent 1h on
Hi,
During the month of November I worked on the Thunderbird update after the
toolchain update work for Firefox ESR 68 made that possible. I also spent time
working on build fixes for Firefox (on armhf for jessie, as well as various
other issues on stretch). Those will also benefit Thunderbird.
On Tue, Nov 12, 2019 at 11:03:17AM +0100, Sylvain Beucler wrote:
> I believe it's a matter of magnitude: the doc's example is about a 10%
> excess, while this was about a ~200% excess.
this, exactly.
> Coordination allows to average the workload and reactivity, for instance
> by adding more
Hi,
On 10/11/2019 21:41, Brian May wrote:
> Holger Levsen writes:
>
>> then, just for the record, this was discussed with Raphael and me. Please
>> don't do more hours than assigned without coordination. See "What should
>> I do if I work more than the hours allocated?" in debian-lts.git for
>>
Holger Levsen writes:
> then, just for the record, this was discussed with Raphael and me. Please
> don't do more hours than assigned without coordination. See "What should
> I do if I work more than the hours allocated?" in debian-lts.git for
> more info.
Huh? I don't see anything about
Hi,
first: thanks for your work and the report, Emilio!
On Sun, Nov 10, 2019 at 11:07:02AM +0100, Emilio Pozuelo Monfort wrote:
> Since the hours spent on LTS were higher than my allotted time, my November
> hours will be used for that, as well as a few from ELTS, and I will work on
> the
>
Hi,
During the month of October I spent 72 hours on finishing the Firefox ESR 68
update. That update took so much time due to the necessary toolchain updates,
which included rust & cargo, LLVM, and GCC, and to several issues which were
encountered with some of those components and with some old
Hi,
During the month of September I spent 30 hours on the following tasks:
- firefox ESR 60 update
- thunderbird ESR 60 update
- ghostscript update
- firefox ESR 68 preparations for jessie and stretch (LLVM 7, cargo, rust,
cbindgen, nasm, nodejs)
As for ELTS I spent 4 hours on frontdesk triage.
Hi,
During the month of August I spent 31 hours on the following tasks:
- php5 update
- ghostscript update
- CVE triaging
- evince update
- atril update
- preparatory work for firefox ESR 68 and thunderbird 68
As for ELTS I spent 8.5h on the following:
- php5 update
- CVE triaging
-
Hi, during the month of June I spent 16h (of 17 assigned) on LTS on the
following tasks:
- CVE triaging
- php5 update
- looked at vim update, coordinated with maintainer
- poppler update
- dbus update
- thunderbird update
- firefox-esr update
- another thunderbird update
During the month of July
Hi,
Here are my LTS and ELTS reports for June 2019.
=
Debian LTS report
Personal tasks kept me away from my Debian activities in june, which
explains the very low amount of hours spent this month.
I was allocated 17 hours and could only spend 4.25 of them in the following
Hi,
During the month of May, I spent 33h on LTS working on the following tasks:
- openjdk-7 security update
- qemu security update
- security-tracker reviews
- sqlite3 triage
- sox: backported patches, run into stability bug in jessie not happening in
sid, bisected it but fix was too invasive so
Hi,
Here are my LTS and ELTS reports for May 2019.
=
Debian LTS report
I was allocated 18 hours. I have spent all of them in the following
tasks:
hdf5:
+ Continued my triage work. I initially planned to do a first
upload this month, but was not able to do this within my
1 - 100 of 112 matches
Mail list logo