Debian LTS Report for September 2016
September 2016 was my first month as a payed Debian LTS Team member. After doing two small uploads to wheezy-security in August and got to know the LTS Team workflow, this month I was allocated 9 hours by Freexian. I spent all 9 hours on working on security updates to Debian Wheezy.
In particular, I worked on the following issues:
- DLA 612-1: libtomcrypt PKCS#1 RSA signature verification
- DLA 617-1: libarchive out of bounds and denial of service
- DLA 625-1: libcurl escape/unescape integer overflows
- DLA 627-1: pdns qname's length>255b, missing zone size limits
- worked on mat issue with embeded images in PDFs (#826101)
For reference, these were the issues I worked on in August:
- DLA 584-1: libsys-syslog-perl opportunistic loading of optional modules
- DLA 589-1: mupdf out of bounds write access to memory locations