Inguza Technology AB

technology, analysis and solutions

Debian Long Term Support work 2019 November

The following contributions were made:

  • Continued to work on cpio for CVE-2019-14866. It was possible to reproduce the problem and with the patched package it was no longer possible. This means that the solution works for jessie. For some unknown reason it did not work on wheezy, and it turned out that the correction did not consider 32 bit architecture. Package rebuilt after that. Corrected package uploaded. DLA-1981-1 assigned and sent. Also checked that the DLA actually arrived to the list. Merge request made for the new DLA to incorporate it on the webpage.
  • Sent reminder email for the following packages because a DLA had not been sent to the mail list.
    • pam-python
    • ... then I realized that I sent three reminders for packages that was build infrastructure. Sent apology for that.
  • ..