Subject: LTS/ELTS Report for December 2019

For December 2019 I spent 16.5 on the following LTS tasks:

- php-horde: CVE-2019-12094 and CVE-2019-12095; the former was triaged
  as a minor issue and the latter, initially misattributed to
  php-horde-trean, was fixed in jessie (normal upload), stretch
  (old-stable-proposed-updates), and buster (stable-propsed-updates) in
  coordination with the Security Team and SRMs
- opensc: triaged CVE-2019-19480 and CVE-2019-19481, then handed off to
  Utkarsh Gupta for integration of fix for CVE-2019-19479; reviewed and
  sponsored Utkarsh's upload and published the DLA he prepared
- davical: fixed CVE-2019-18345, CVE-2019-18346, and CVE-2019-18347
- git: began work to backport and integrate patches for all open CVEs, 
  using packages prepared by the Debian Security Team for stretch and by
  the Ubuntu Security Team for xenial as a starting point; work is
  nearly complete

I spent a further 16.5 hours on the following ELTS tasks:

- openjdk-7: finished implementing/integrating autopkgtest tests;
  documented findings and procedures to reproduce implementation so that
  tests can be integrated into next updates of openjdk-8 (jessie) and
  openjdk-7 (wheezy)
- git: began work to backport and integrate patches for all open CVEs,
  using packages prepared by the Debian Security Team for stretch and by
  the Ubuntu Security Team for xenial as a starting point; the wheezy
  version being so much older, the stretch and xenial patches require
  much more backporting work in order to integrate