LTS report 2019-10-01 to 2019-10-31
LTS report 2019-10-01 to 2019-10-31
This time period I used 10 hours.
Jessie Package Support
For the project Jessie Package Support, I used 10 hours in the following tasks:
- golang
- poppler
- ruby-mini-magick
- ruby-openid
golang
- Research issue.
- Patch doesn’t apply automatically but could be applied by hand easily.
- Patching tests might be harder. If actually required.
- Mark CVE-2019-16276 as ignored, as already ignored in Stretch.
poppler
- CVE-2019-9959
- Create and test patch.
- Send email to debian-lts mailing list.
- Investigate CVE-2019-10871.
- Update patch to set SPLASH_CMYK to solve CVE-2019-10871.
- Upload fixed version 0.26.5-2+deb8u12 to jessie-security.
- Post DLA-1963-1.
- Add DLA-1963-1 to website.
- Upload caused regression in xpdf.
- Test and reproduce error.
- Upload version 0.26.5-2+deb8u13 with fix for CVE-2019-10871 reversed.
- Post DLA-1963-2.
- Add DLA-1963-2 to website.
ruby-mini-magick
- Further debugging of problem.
ruby-openid
- Create patch and post email to LTS mailing list.
- Upload fixed version 2.5.0debian-1+deb8u1.
- Reserve DLA-1956-1.
- Post DLA-1956-1.
- Add DLA-1956-1 to website.