Welcome to gambaru.de. Here is my monthly report that covers what I have been doing for Debian. If you're interested in Java, Games and LTS topics, this might be interesting for you.<\/p>\n
\/etc\/systemd\/system\/tomcat9.service.d\/<\/span><\/code><\/pre>\ninstead of \/etc\/systemd\/system\/tomcat9.d.*sigh*<\/li>\n<\/ul>\n
Misc<\/h2>\n\n- Last month I wrote about the challenges of the ublock-origin<\/a> addon (#926586<\/a>). We came to the conclusion that we can no longer provide one version for Firefox and Chromium but that we don't have to create two binary packages either. Now we use symlinks\u00a0 and two different directories and hopefully this will solve all the troubles we had before. It is not a great solution but hopefully we can maintain the addon without relying on patches.\u00a0 Thanks to Michael Meskes who implemented the changes. I will probably upload a new version to experimental in May, so that people can try it out and report back.<\/li>\n<\/ul>\n
Debian LTS<\/h2>\n
This was my\u00a0thirty-eight month as a paid contributor and I have been paid to work 17,25 hours on Debian LTS<\/a>, a project started by Rapha\u00ebl Hertzog<\/a>. In that time I did the following:<\/p>\n\n- From 29.04.2019 until 05.05.2019 I was in charge of our LTS frontdesk. I investigated and triaged CVE in rebar, filezilla, lucene-solr, librecad, apparmor, phpbb3, jakarta-jmeter, jetty8, jetty, php-imagick and node-tar.<\/li>\n
- DLA-1753-2<\/a>. Issued a regression update for proftpd-dfsg because it became clear that neither version 1.3.5.e nor 1.3.6 was a way forward to address the memory leaks because those versions also introduced new bugs that affected sftp setups negatively (#926719<\/a>). I resolved these problems by backporting the patches for the memory leaks and by reverting to version 1.3.5 again.<\/li>\n
- DLA-1773-1<\/a>. Issued a security update for signing-party fixing 1 CVE.<\/li>\n
- DLA-1774-1<\/a>. Issued a security update for otrs2 fixing 1 CVE.<\/li>\n
- DLA-1775-1<\/a>. Issued a security update for phpbb3 fixing 1 CVE.<\/li>\n
- DLA-1776-1<\/a>. Issued a security update for librecad fixing 1 CVE.<\/li>\n
- DLA-1785-1<\/a>. Issued a security update for imagemagick together with Hugo Lefeuvre (3 CVE) fixing 50 CVE in total.<\/li>\n<\/ul>\n
ELTS<\/h2>\n
Extended Long Term Support (ELTS<\/a>) is a project led by Freexian<\/a> to further extend the lifetime of Debian releases. It is not an official Debian project but all Debian users benefit from it without cost. The current ELTS release is Debian 7 \"Wheezy\". This was my eleventh month and I have been paid to work 14,5 hours on ELTS.<\/p>\n\n- I was in charge of our ELTS frontdesk from 15.04.2019 until 21.04.2019 and I triaged CVE in openjdk7, php5 and libvirt.<\/li>\n
- ELA-72-2<\/a>. Issued a regression update for jasper which corrected the patch for CVE-2018-19542.<\/li>\n
- ELA-109-1<\/a>. Issued a security update for jquery fixing 1 CVE.<\/li>\n
- ELA-111-1<\/a>. Issued a security update for linux and linux-latest fixing 24 CVE.<\/li>\n
- ELA-117-1<\/a>. Issued a security update for apache2 fixing 2 CVE and investigated four more CVE which I triaged as not-affected.<\/li>\n<\/ul>\n
Thanks for reading and see you next time.<\/p>\n","protected":false},"excerpt":{"rendered":"
Welcome to gambaru.de. Here is my monthly report that covers what I have been doing for Debian. If you’re interested in Java, Games and LTS topics, this might be interesting for you. Debian Games This was a very quiet month compared to pre-freeze time. I reported three security vulnerabilities for Teeworlds (#927152) which were later … <\/p>\n