- krb5: I applied patches for CVE-2015-2697 and CVE-2015-2695. The DLA-340-1 was released on November though since one of the patches was incomplete.
Besides that I did CVE triaging of 16 CVEs to check if and how they affect oldoldstable security as part of my LTS front desk work.
I also added some very basic indentation support to our CVE/list Emacs major-mode on non LTS time.
Other Debian stuff
I've released git-buildpackage 0.7.0 with lots of updates, most notably more complete rpm support, a git-pbuilder update and documentation updates. This release has patches from 9 different contributors, thanks a lot!
I've updated cl2vcs, a CGI to link commit IDs in the debian/changelog to the VCS, to 0.0.4 fixing some bugs that showed up after I updated the hosting machine to Jessie as well as support for the [commitid1,commitd2,commit3,...] format when grouping commits. (SSL certificate of the server is CAcert signed)
At Halloween five Debian aficionados met for Hacking Erpel 1 (aka HEPL1) in Erpel (link goes to German Wikipedia) between Bonn and Koblenz. Some details are here. We're aiming for more of these events on a more frequent basis (HEPL0 being back in 2013) so if you're somewhere from that area and want to join us next time just subscribe to the new mailing list (in German, SSL certificate of the server is CAcert signed).