Debian LTS report for March 2020

Hi,

March was my 3rd month as a Debian LTS paid contributor, a Freexian’s initiative. I was assigned 6 hours and I spent all of them for the following:

libmtp:

• Finish the fix for CVE-2017-9831 and CVE-2017-9832, then I asked on the LTS mailing list for testing. If no regression is reported, I will upload the fix on the 4th of April.

libplist:

• Fixed CVE-2017-5209, CVE-2017-5545, CVE-2017-5834, CVE-2017-5835, CVE-2017-6435, CVE-2017-6436, CVE-2017-6439 and CVE-2017-7982, tested, uploaded and released DLA-2168-1.

The majority of these CVE was fixed in Wheezy through DLA-1029-1, DLA-811-1, DLA-840-1 and DLA-870-1, but not in Jessie! Now, it’s fixed.

It was not easy to find free time to work on LTS, because of the lockdown due to the SARS-CoV-2.

Stay safe!

– Dylan