Inguza Technology AB

technology, analysis and solutions

Debian Long Term Support work 2020 March

The following contributions were made:

  • Front desk work.
  • Helped with some analysis of qemu vulnerabilities.
  • Triaged rrdtool and concluded that CVE-2014-6262 must be a problem. It was already fixed in 2004.
  • Supported the work on lua-cgi.
  • Supported the work on phppgadmin.
  • Supported the work on ruby-rack.
  • Front desk work.
  • Marked one CVE for tor as EOL.
  • Marked quite a few CVEs for xen as EOL.
  • Triaged symfony.
    • CVE-2020-5274 - Marked as not-affected following security team decision. The ErrorHandler code does not exist in the Jessie version.
    • CVE-2020-5275 - Marked as not-affected following security team decision. The description in the upstream bug seems to be valid after some code inspection. No deep analysis made.
  • Triaged python-bleach.
    • CVE-2020-6817 - Code analysis shows that the jessie version is very likely to be vulnerable. Added to dla-needed.txt.
  • Triaged u-boot.
    • CVE-2020-10648 - Vulnerable. Not sure it is worth fixing. Sending an email about it.