LTS report 2018-05-01 to 2018-05-31

This time period I used 10 hours.

Wheezy Package Support

For the project Wheezy Package Support, I used 10 hours in the following tasks:

  • cacti
  • calibre
  • efail
  • firebird2.5
  • glusterfs
  • libspring-java

cacti

  • Research security issues for CVE-2018-10061 and CVE-2018-10061.
  • 10 upstream patches (that I can see).
  • Marked issues no-dsa in wheezy.

calibre

efail

  • Investigate CVE-2017-17689 efail security issues with encrypted emails.

firebird2.5

  • Backport fix from 3.0.3.32900.ds4-3 for CVE-2017-11509.
  • Test backported fix.
  • Build and upload for testing.
  • Push git changes.
  • Announce firefird2.5 2.5.2.26540.ds4-1~deb7u4 package available for testing.
  • Build package for release.
  • Upload to Debian and create advisory notice.

glusterfs

  • Research security vulnerability CVE-2018-1088.

libspring-java

  • Research CVE-2018-1272, CVE-2018-1272 and CVE-2018-1275.