Debian Fun in July 2016
3rd August 2016
Debian LTS
July marked the fifteenth month I contributed to Debian LTS under the Freexian umbrella. As usual I spent the 8 hours working on these LTS things:
- Updated QEMU and QEMU-KVM packages to fix CVE-2016-5403, CVE-2016-4439, CVE-2016-4020, CVE-2016-2857 and CVE-2015-5239 resulting in DLA-573-1 and DLA-574-1
- Updated icedove to 45.2.0 fixing CVE-2016-2818 resulting in DLA-574-1
- Reviewed and uploaded xen 4.1.6.lts1-1. The update itself was prepared by Bastian Blank.
- The little bit of remaining time I spent on further work the ruby-active{model,record}-3.2 and ruby-actionpack-3.2 (aka rails) CVEs. Although I have fixes for most of the CVEs already there are still some left where I'm not yet clear if the packages are affected.
- Added some trivial autopkgtest for qemu-img (#832982) (on non LTS time)
Other Debian stuff
- Fixed CVE-2016-5008 by uploading libvirt 2.0.0 to sid and 1.2.9-9+deb8u3 to stable-p-u
- Uploaded libvirt 2.1.0~rc1 to experimental
- Uploaded libvirt-python 2.0.0 to sid
- Uploaded libosinfo 0.3.1 to sid preparing for the upcoming upstream package split
- Uploaded virt-manager 1.4.0 to sid
- Uploaded network-manager-iodine 1.2.0 to sid
- Uploaded cups-pk-helper 0.2.6 to sid
- Triaged apparmor related bugs in libvirt most notably the one affecting hotplugging of disks (#805002) which turned out to be rooted in the kernel not reloading profiles properly.
- Uploaded git-buildpackage 0.8.0, 0.8.1 to experimental adding additional tarball support to gbp import-orig among other things
