Inguza Technology AB

technology, analysis and solutions

Debian Long Term Support work 2019 March

The following contributions were made:

  • Tried to help Mike with the segfault reproduction for openssh for CVE-2019-6111. Did not succeed very well. Produced some unit test code for the new functions but they seemed to work just fine. Mail sent with the results.
  • Investigated clamav security vulnerabilities but could not find any source information to identify what each CVE is all about. Mail sent with questions.
    • CVE-2019-1786 not affecting jessie since it was introduced in 0.101. Marked accordingly.
    • CVE-2019-1785 not affecting jessie since it was introduced in 0.101. Marked accordingly.
    • CVE-2019-1798 not affecting jessie since it was introduced in 0.101. Marked accordingly.
    • Claimed clamav and worked on a build. It is slightly more complicated than normal since the package is stripped. Put in some effort here and finally produced an email asking for advice from maintainers, LTS team and Debian Security team.