September 2016 was a rather quiet month, with three NEW packages, lots of housekeeping uploads, and 12 hours of LTS work. I have also finally achieved to sign all PGP keys of the DC16 keysigning party. Better late than never!
So, this month again, my free software contributions have been kind of Debian-centered. I should maybe consider renaming these articles My Debian work instead of Free Software activities...
NEW uploads and adoptions
- NEW upload of python-pytest-benchmark: pytest fixture for benchmarking code.
- NEW upload of pytest-cookies: wrapper for the cookiecutter API for generating projects.
- NEW upload of python-boltons: set of pure-Python utilities.
RC bugs squashing
- #822787: quagga: CVE-2016-4049: Missing size check in bgp_dump_routes_func in bgpd/bgp_dump.c allowing DoS.
- Team upload for python-biplist: Packaging of new upstream release
September 2016 was my first month as a paid member of the Debian LTS team. I have spent 12 hours doing the following tasks:
Prepared a security update for qemu and qemu-kvm fixing CVE-2016-7161, CVE-2016-7466 and CVE-2016-7170 (not uploaded yet, still under testing. Investigations to determine if qemu and qemu-kvm are affected by CVE-2016-7466 were long).
Triaged various security issues affecting qemu, qemu-kvm and libav.
Prepared a security update for libav fixing CVE-2016-7393, CVE-2015-1872 and CVE-2015-5479 (packaging of the new upstream release). Not uploaded yet.