This was my ninth month working on Debian LTS. I was assigned 15 hours of work by Freexian's Debian LTS initiative.

Front desk

I spent another week in the 'front desk' role, largely overlapping with DebConf. I investigated which new CVEs affected LTS-supported packages in squeeze, recorded this in the secure-testing repository, and mailed the package maintainers to give them a chance to handle the updates. I found that one claimed security flaw in glusterfs was actually harmless for all supported Debian releases.

conntrack

conntrack had one new issue (CVE-2015-6496, possible remote DoS if certain kernel modules aren't loaded). I didn't find a way to reproduce it, but it still seemed to be applicable to squeeze (but for fewer protocols). I was able to backport the upstream fix without difficulty, after which I uploaded and issued DLA-295-1.

DebConf

I attended the LTS BoF at DebConf 15 to discuss the plans for wheezy LTS. Raphael just posted a summary of these discussions.

linux-2.6

I spent some time on kernel security fixes, but haven't uploaded an update yet. That will probably come in September.