Debian Long Term Support work 2016 June

This is the first month being part of the Debian Long Term Support team.

The following contributions were made:

  • Corrected dhcpcd5 and issued DLA-506-1
  • Corrected nss and issued DLA-507-1
  • Questioned update of qemu and qemu-kvm (the conclusion is that we shall support it on best effort)
  • Security tracker updated with findings from Diego Biurrun. CVE-2015-8217 and CVE-2015-8363 do not apply to Libav 0.8 because the affected decoders are not present in that release.
  • Analyzed nss code for CVE-2016-2834 and reported in an email to the list. Emilio Pozuelo Monfort <pochu@debian.org> completed this work for me.
  • Analyzed phpmyadmin vulnerabilities. Backporting will be started next month when I have new hours.