This is the second month being part of the Debian Long Term Support team.
The following contributions were made:
- Correction of mongodb (DLA-588-1)
- Started correction of nettle (DLA-593-1)
- Started to investigate libical. So far I have tagged three of them as no-dsa as they were classified as low prio issues by upstream. More work remains.
- Concluded that erlang do not need a DLA (see revision 43796 and 43794).
- Concluded that squid do not need an update for CVE-2015-5400.
- Concluded that ntp do not need an update for CVE-2016-4953 (see revision 43871). Wheezy is as unaffected as jessie. Sometimes it is best to implement things in a better way than upstream.
- Correction of openssh (DLA-594-1)
- Re-build of mongodb to ensure it has a revision number higher than wheezy (DLA-558-2)
- Investigated what files and what commit that fix the security problem for matrixssl. Investigation results sent by mail.
- Correction of libgcrypt11 (DLA-600-1)
- Read the article about FFS in order to be able to comment on the request for comments on gnupg1 and gnupg2 from Santiago. Sent the DLA by request from Santiago.