LTS report 2019-05-01 to 2019-05-31

This time period I used 10 hours.

LTS Infrastructure

For the project LTS Infrastructure, I used 2 hours in the following tasks:

  • security tracker / python3

security tracker / python3

  • Revise PR#39. Add comparison functions.
  • Revise PR#40. Fix list sort for Python 3.

Jessie Package Support

For the project Jessie Package Support, I used 8 hours in the following tasks:

  • gradle
  • jquery
  • libvirt
  • wordpress



  • Investigate CVE-2019-11358, Prototype Pollution.
  • Apply patch for CVE-2019-11358 to Jessie version.
  • Send email to debian-lts mailing list.
  • Attempt to debug why building jquery gives 1 byte min.js file.
  • Fix build problem with jquery package. Not sure how this package ever got built.
  • Upload to Debian and prepare DLA-1777-1.
  • Create PR to add DLA-1777-1 to website.


  • Send new patch using CVE-2016-10746 to mailing list.
  • Upload libvirt 1.2.9-9+deb8u6 to Jessie.
  • Reserve DLA-1772-1.
  • Upload and announce DLA-1772-1
  • Create PR to add DLA to website PR#128.


  • CVE-2017-1000600: Find and add references to tracker.
  • CVE-2018-1000773: Attempt to find information on CVE-2018-1000773, which is related to CVE-2017-1000600 (incomplete fix).