October 31st 2015

Free software activities in October 2015

Here is my monthly update covering a large part of what I have been doing in the free software world (previously):


Debian

My work in the Reproducible Builds project was also covered in more depth in Lunar's weekly reports (#23, #24, #25, #26).


LTS


This month I have been paid to work 11 hours on Debian Long Term Support (LTS). In that time I did the following:

  • DLA 326-1 for zendframework fixing an SQL injection vulnerability.
  • DLA 332-1 for optipng correcting a use-after-free issue.
  • DLA 333-1 for cakephp preventing a remote Denial of Service attack.
  • DLA 337-1 for busybox fixing a vulnerability when unzipping a specially crafted zip file/
  • DLA 338-1 for xscreensaver preventing a crash when hot-swapping monitors.

Uploads

  • redis — New upstream release as well as changing the default UNIX socket location and correctly supporting "cluster" mode config file hardening and redis-sentinel's runtime directory handling under systemd. An update for jessie was also uploaded.
  • python-redis — Attempting to get the autopkgtest tests to finally pass.
  • debian-timeline — Making the build reproducible.
  • gunicorn — New upstream release.





You can subscribe to new posts via email or RSS.