Debian LTS
February was the tenth month I contributed to Debian LTS under the Freexian umbrella. In total I spent 7 hours (of allocated 11.15 hours) working on squeeze-lts:
Triage of 17 CVEs for squeeze-lts. I misread the calendar and thought I was on front-desk duty for a couple of days. Fortunately no duplicate work was done.
Prepared and released DLA-427-1 for nss fixing CVE-2016-1938 after checking that nss is not affected by CVE-2015-7575 since MD5 signatures never got disabled - another good reason why we should have the same nss in all suites.
… and to make sure we have fewer issues that are fixed in squeeze-lts but affect wheezy …
I prepared patches for CVE-2015-8036 and CVE-2015-5291 for polarssl for jessie including some autpkgtests (wheezy already happened in January) resulting in DSA-3468-1.
Prepared patches for CVE-2015-1323 affecting apt-daemon (789162) for jessie and wheezy waiting for a review.
On non LTS time I cooked up a script to make it simpler to check if a package has security support in a certain release.
Now that squeeze-lts is history I'd like to thank the Debian Security Team for their help and answers to all the questions related to security tracker, DSAs, DLAs and whatnot. I'm looking forward to wheezy-lts now…
Other Debian stuff
- Uploaded libvirt-python 1.3.1 to unstable.
- Uploaded virt-manager 1.3.2 to experimental.
- Uploaded libvirt 1.3.2-2 to unstable dropping the libvirt-bin transitional package after NMUing gnome-boxes and virt-goodies to remove the dependency.
- Uploaded whatmaps to experimental switching to Python3
