Inguza Technology AB

technology, analysis and solutions

Debian Long Term Support work 2016 November

The following contributions were made:

  • Investigation of a regression problem due to the nss (DLA-677-1) update. The conclusion is that this is a general problem for all applications that fork (at least in some situations), but it looks like only Chrome was affected. No further update was done on this. This investigation unfortunately took a rather long time.
  • Front desk work.
    Reached the following conclusions:
    • nss vulnerable. Motivation: Red Hat has issued a correction for this.
    • mcabber vulnerable. Motivation: Another package with a similar vulnerability has a fix, and a DLA was sent for that one.
    • ntp vulnerable. There were a few CVEs to triage but only the following were marked as no-dsa:
      • CVE-2016-7429
      • CVE-2016-7431 (vulnerable code not affected)
      • CVE-2016-7433
    • maradns vulnerable.
    • qemu vulnerable (but that was not true)
    • xen vulnerable.
    • lxc vulnerable.
    • w3c vulnerable but some of the issues shall be considered as no-dsa.
    • xen vulnerable (again).
    • w3m vulnerable but all were tagged no-dsa (after some discussion).
    • tiff vulnerable but the following were marked as no-dsa:
      • CVE-2016-9538
    • libsoap-lite-perl vulnerable
    • nss vulnerable
  • Wrote a DLA (DLA-722-1) for irssi on request.