LTS report 2018-08-01 to 2018-08-31

This time period I used 10 hours.

LTS Infrastructure

For the project LTS Infrastructure, I used 1 hour and 10 minutes in the following tasks:

  • security tracker / python3

security tracker / python3

Jessie Package Support

For the project Jessie Package Support, I used 8 hours and 50 minutes in the following tasks:

  • 389-ds-base
  • Research security issues.
  • mosquitto
  • tiff
  • twitter-bootstrap
  • twitter-bootstrap3


Research security issues.

  • Check git-annex. No change. Patches for stretch do not apply cleanly.
  • Check mosquitto. No upstream progress.
  • Check sam2p CVE-2018-12578 and CVE-2018-12601. Patches do not apply cleanly. The patch for CVE-2018-12578 is a complete rewrite of the bmp_compress1_row function.





  • Look at CVE-2018-14040.
  • Look at CVE-2018-14041.
  • Look at CVE-2018-14042.