LTS report 2019-11-01 to 2019-11-30

This time period I used 10 hours.

Jessie Package Support

For the project Jessie Package Support, I used 5 hours and 20 minutes in the following tasks:

  • 389-ds-base
  • angular.js
  • ansible
  • ruby-openid

389-ds-base

  • Research problem.
  • Unable to get any details except brief summary of problem.
  • Look for patch.
  • Look for solution that was used by RHEL package version 389-ds-base-1.4.1.3-7.module+el8.1.0+4150+5b8c2c1f.src.rpm without success.
  • Look for patch in upstream git respository without success.
  • Upstream bug returns 404.

angular.js

  • CVE-2019-14863: One line fix required.
  • Upstream fix: git.
  • Apply patch to Jessie version.
  • Send patch to debian-lts.
  • Upstream fix: git.
  • Apply patch to Jessie version.
  • Upload fixed package.
  • Post DLA-1995-1.
  • Add DLA-1995-1 to website.

ansible

  • CVE-2019-14846: Easy to fix.
  • CVE-2019-14858: Can’t find applicable code.
  • CVE-2019-14864: Can’t find applicable code.

ruby-openid

  • Review mailing list post. Possibly regression in previous upload.
  • Respond to mailing list post.

LTS Infrastructure

For the project LTS Infrastructure, I used 4 hours and 40 minutes in the following tasks:

  • Automatically strip no-dsa tags by gen-DLA

Automatically strip no-dsa tags by gen-DLA

  • Post code.
  • Post message to Debian-LTS.
  • Respond to private email from member of security team.