Welcome to gambaru.de. Here is my monthly report (+ the first week in February) that covers what I have been doing for Debian. If you're interested in Java, Games and LTS topics, this might be interesting for you.
- Again Reiner Herrman did a very good job with updating some of the most famous FOSS games in Debian. I reviewed and sponsored supertux 0.6.1.1, supertuxkart 1.1 and love 11.3, also several updates to fix build failures with the latest version of scons in Debian. Reiner Herrmann, Moritz Mühlenhoff and Phil Wyett contributed patches to fix release critical bugs in netpanzer, boswars, btanks, and xboxdrv.
- I packaged new upstream versions of minetest 5.1.1, empire 1.15 and bullet 2.89.
- I backported freeciv 2.6.1 to buster-backports and
- applied a patch by Asher Gordon to fix a teleporter bug in berusky2. He also submitted another patch to address even more bugs and I hope to review and upload a new revision soon.
- This month I packaged new releases of libpdfbox2-java, undertow, easymock, lombok-patcher, libtwelvemonkeys-java, wildfly-common and checkstyle (CVE-2019-10782).
- I requested the removal of libxmlrpc3-java from Debian and prepared DSA-4619-1 to fix CVE-2019-17570.
- I fixed CVE-2019-17571 in apache-log4j1.2 and intend to address the same problem in Buster and Stretch soon.
- As the maintainer I requested the removal of pyblosxom, a web blog engine written in Python 2. Unfortunately pyblosxom is no longer actively maintained and the port to Python 3 has never been finished. I thought it would be better to remove the package now since we have a couple of good alternatives like Hugo or Jekyll.
- I packaged new upstream versions of wabt and privacybadger.
- DLA-2065-1. Issued a security update for apache-log4j1.2 fixing 1 CVE.
- DLA-2077-1. Issued a security update for tomcat7 fixing 2 CVE.
- DLA-2078-1. Issued a security update for libxmlrpc3-java fixing 1 CVE.
- DLA-2097-1. Issued a security update for ppp fixing 1 CVE.
- DLA-2098-1. Issued a security update for ipmitool fixing 1 CVE.
- DLA-2099-1. Issued a security update for checkstyle fixing 1 CVE.
Extended Long Term Support (ELTS) is a project led by Freexian to further extend the lifetime of Debian releases. It is not an official Debian project but all Debian users benefit from it without cost. The current ELTS release is Debian 7 "Wheezy". This was my twentieth month and I have been paid to work 10 hours on ELTS.
- ELA-208-1. Issued a security update for tomcat7 fixing 2 CVE.
- ELA-209-1. Issued a security update for linux fixing 41 CVE.
- Investigated CVE-2019-17023 in nss which is needed to build and run OpenJDK 7. I found that the vulnerability did not affect this version of nss because of the incomplete and experimental support for TLS 1.3.
Thanks for reading and see you next time.