Debian LTS Report for September 2016

September 2016 was my first month as a paid Debian LTS Team member. After doing two small uploads to wheezy-security in August and getting to know the LTS Team workflow, this month I was allocated 9 hours by Freexian. I spent all 9 hours working on security updates to Debian Wheezy.

In particular, I worked on the following issues:

  • DLA 612-1: libtomcrypt PKCS#1 RSA signature verification
  • DLA 617-1: libarchive out of bounds and denial of service
  • DLA 625-1: libcurl escape/unescape integer overflows
  • DLA 627-1: pdns qname's length>255b, missing zone size limits
  • worked on mat issue with embedded images in PDFs (#826101)

For reference, these were the issues I worked on in August:

  • DLA 584-1: libsys-syslog-perl opportunistic loading of optional modules
  • DLA 589-1: mupdf out of bounds write access to memory locations