Subject: LTS/ELTS Report for September 2019

For September I spent 16 hours on the following LTS tasks:

- ansible: multiple issues, including the recently reported
  CVE-2019-10156 and several previously no-dsa/postponed fixes
- mongodb: CVE-2019-2386, triaged and found to not apply
- libcommons-compress-java: CVE-2019-12402
- php5: fix for #805222, which prevented building PHP extensions
- php-pecl-http: CVE-2016-7398
- python3.4, python2.7: CVE-2019-16506

I also spent 8 hours on the following ELTS tasks:

- python2.7, python2.6: CVE-2019-16506 and numerous previously
  no-dsa/postponed fixes