Debian Long Term Support work 2016 August

This is the second month being part of the Debian Long Term Support team.

The following contributions were made:

  • Correction of mongodb (DLA-588-1)
  • Started correction of nettle (DLA-593-1)
  • Started to investigate libical. So far I have tagged three of them as no-dsa as they were classified as low prio issues by upstream. More work remains.
  • Concluded that erlang do not need a DLA (see revision 43796 and 43794).
  • Concluded that squid do not need an update for CVE-2015-5400.
  • Concluded that ntp do not need an update for CVE-2016-4953 (see revision 43871). Wheezy is as unaffected as jessie. Sometimes it is best to implement things in a better way than upstream.
  • Correction of openssh (DLA-594-1)
  • Re-build of mongodb to ensure it has a revision number higher than wheezy (DLA-558-2)
  • Investigated what files and what commit that fix the security problem for matrixssl. Investigation results sent by mail.
  • Correction of libgcrypt11 (DLA-600-1)
  • Read the article about FFS in order to be able to comment on the request for comments on gnupg1 and gnupg2 from Santiago. Sent the DLA by request from Santiago.