Debian LTS report for June 2019

This month I was allocated 17 hours. I also had 1.75 hours left over from May, which makes a total of 18.75 hours. I spent 16.75h of them on the following issues, which means I again carry over 2h to the next month.

• DLA 1817-1: Uninitialized read in XBM support of libgd2. Related CVE: CVE-2019-11038.
• Work on sqlite3 security update: Spent quite some time on working on two CVEs (CVE-2019-8457 and CVE-2019-5827) that are not easy to fix. Suggested to ignore CVE-2019-8457 and prepared packages that contain a (likely incomplete) fix for CVE-2019-5827.
• DLA 1837-1: Several vulnerabilities in the rdesktop RDP client.
• DLA 1837-2: Regression update for the 1.8.6-0+deb8u1 rdesktop upload.

Links

• Debian Wiki: Debian Long Term Support
• Freexian: Debian Long Term Support