Inguza Technology AB

technology, analysis and solutions

Debian Long Term Support work 2019 January

The following contributions were made:

  • Investigated nettle and CVE-2018-16869. The conclusion is that the fix for this CVE introduces a new function that should be used by the applications using nettle. This means that the fix is not really suitable for stable and oldstable, since the applications also need to be updated to actually fix the problem. Committed this, but just afterwards I started to look into gnutls28, and it actually depends on this being fixed, so I am reverting this decision.
  • Triaged libsndfile
    • CVE-2018-19758 - Minor issue, ignored following stretch decision.
  • Triaged sssd
    • CVE-2018-16883 - Was already triaged.