Inguza Technology AB

technology, analysis and solutions

Debian Long Term Support work 2016 August

This is the second month being part of the Debian Long Term Support team.

The following contributions were made:

  • Correction of mongodb (DLA-588-1)
  • Started correction of nettle (DLA-593-1)
  • Started to investigate libical. So far I have tagged three of them as no-dsa as they were classified as low prio issues by upstream. More work remains.
  • Concluded that erlang do not need a DLA (see revision 43796 and 43794).
  • Concluded that squid do not need an update for CVE-2015-5400.
  • Concluded that ntp do not need an update for CVE-2016-4953 (see revision 43871). Wheezy is as unaffected as jessie. Sometimes it is best to implement things in a better way than upstream.
  • Correction of openssh (DLA-594-1)
  • Re-build of mongodb to ensure it has a revision number higher than wheezy (DLA-558-2)
  • Investigated what files and what commit that fix the security problem for matrixssl. Investigation results sent by mail.
  • Correction of libgcrypt11 (DLA-600-1)
  • Read the article about FFS in order to be able to comment on the request for comments on gnupg1 and gnupg2 from Santiago. Sent the DLA by request from Santiago.