Debian Long Term Support work 2024 October

LTS

  • Started to work on CVE-2024-32020 for git. Possible regression issue so sent an email asking for advice. After a few rounds of discussion the conclusion is that this CVE should be ignored.
  • Discussed a package tool question about sanitize option and concluded that this work should be paused.
  • Gave thoughts on how to triage a few issues for twitter-bootstrap4 and twitter-bootstrap3.
  • Continued the work on improving gen-DSA/DLA/ELA. Sent a mail about the possibility of using an empty version. Finalized the work after review comments and created a merge request.
  • Wrote a tool that checks for CVE triaging inconsistencies. The result so far is that it can detect that a CVE for a package is fixed in a previous release and postponed, ignored or no-dsa in a later one, and then print a re-triaging consideration line for that case. Also it can find CVEs that are postponed in the previous and next release and no-dsa in the "current" one. Created a security tracker issue for this and a merge request. Also sent an email asking for comments.
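The two checks described above, as an added illustration (not the tool from the report or the security tracker's own code), run over a constructed triage table; the release order and the CVE ids are assumptions, and the table includes ELTS releases so the same walk covers the ELTS run mentioned later.

```python
# Release order oldest -> newest (assumed; covers ELTS and LTS releases).
RELEASES = ["jessie", "stretch", "buster", "bullseye", "bookworm"]
# States that leave a CVE unfixed in a release.
UNFIXED = {"postponed", "ignored", "no-dsa"}

# Constructed sample data: CVE -> source package -> release -> triage state.
# CVE ids are placeholders, not real entries.
SAMPLE = {
    "CVE-XXXX-0001": {"foo": {"stretch": "fixed", "buster": "postponed",
                              "bullseye": "fixed"}},
    "CVE-XXXX-0002": {"bar": {"stretch": "postponed", "buster": "no-dsa",
                              "bullseye": "postponed"}},
    "CVE-XXXX-0003": {"baz": {"stretch": "fixed", "buster": "fixed",
                              "bullseye": "fixed"}},
}


def find_inconsistencies(data, releases=RELEASES):
    """Return (cve, package, rule, detail) tuples for suspicious triage."""
    findings = []
    for cve, packages in data.items():
        for pkg, states in packages.items():
            # Rule 1: fixed in an older release but postponed/ignored/no-dsa
            # in a newer one, which suggests the newer entry should be
            # re-triaged (the fix may apply there too).
            for i, older in enumerate(releases):
                if states.get(older) != "fixed":
                    continue
                for newer in releases[i + 1:]:
                    state = states.get(newer)
                    if state in UNFIXED:
                        findings.append((cve, pkg, "fixed-then-unfixed",
                                         f"fixed in {older} but {state} in {newer}"))
            # Rule 2: no-dsa in a release whose neighbours on both sides
            # are postponed, which looks like an odd one out.
            for prev, cur, nxt in zip(releases, releases[1:], releases[2:]):
                if (states.get(prev) == "postponed" and states.get(cur) == "no-dsa"
                        and states.get(nxt) == "postponed"):
                    findings.append((cve, pkg, "no-dsa-between-postponed",
                                     f"no-dsa in {cur}, postponed in {prev} and {nxt}"))
    return findings


def format_findings(findings):
    """Render one re-triaging consideration line per finding."""
    return [f"{cve} {pkg}: {detail} - consider re-triaging ({rule})"
            for cve, pkg, rule, detail in findings]


if __name__ == "__main__":
    for line in format_findings(find_inconsistencies(SAMPLE)):
        print(line)
```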

ELTS

  • Included the CVE-2024-32020 git question to also ask for advice for ELTS. The CVE is postponed in the ELTS releases. Due to the discussions for LTS, concluded that the CVE should be ignored for ELTS as well.
  • Reviewed ELA-1221-1.
  • Investigated an erlang install issue. Suggestion is to close without action. Email sent to front-desk about this.
  • Checked a question about mysql-connector-python for stretch.
  • Tested the tool for triaging re-considerations also for ELTS. It seems to work fine. Found one package to fix and informed front-desk about it.