Debian Long Term Support work 2020 January


Due to a fire, the data is not complete. This is data restored from git logs, meaning it is far from complete.
Work done this month:
  • Decided to mark CVE-2020-8492 for python as ignored in jessie. It is a client-side DoS problem, and with any decent client it would be impossible to exploit. If a new client is written it is possible, but then DoS can be implemented by other means. However, I may have missed something, so I sent an email about it asking for advice.
  • Netty added to DLA needed file.
  • Marked CVE-2019-20421 for exiv2 as ignored in jessie. Similar issues have been marked the same many times before.
  • Tagged CVE-2020-8432 as ignored in jessie for u-boot, following the decision for stretch.
  • ... and more, see the security tracker git