LTS report 2019-10-01 to 2019-10-31

Oct 20, 2019

LTS report 2019-10-01 to 2019-10-31

This time period I used 10 hours.

Jessie Package Support

For the project Jessie Package Support, I used 10 hours in the following tasks:

golang
poppler
ruby-mini-magick
ruby-openid

golang

Research issue.
Patch doesn’t apply automatically but could be applied by hand easily.
Patching tests might be harder. If actually required.
Mark CVE-2019-16276 as ignored, as already ignored in Stretch.

poppler

CVE-2019-9959
Create and test patch.
Send email to debian-lts mailing list.
Investigate CVE-2019-10871.
Update patch to set SPLASH_CMYK to solve CVE-2019-10871.
Upload fixed version 0.26.5-2+deb8u12 to jessie-security.
Post DLA-1963-1.
Add DLA-1963-1 to website.
Upload caused regression in xpdf.
Test and reproduce error.
Upload version 0.26.5-2+deb8u13 with fix for CVE-2019-10871 reversed.
Post DLA-1963-2.
Add DLA-1963-2 to website.

ruby-mini-magick

Further debugging of problem.

ruby-openid

Create patch and post email to LTS mailing list.
Upload fixed version 2.5.0debian-1+deb8u1.
Reserve DLA-1956-1.
Post DLA-1956-1.
Add DLA-1956-1 to website.

Comments

(C)opyright Brian May c385261bace85a6a8ce8494db7beb528d3213503 2023-12-01T09:30:43+11:00

Posted: Sun, 20 Oct 2019 00:00:00 +1100