
(E)LTS and Debian report for September 2023



Hi,

I am funded by Freexian SARL and thus reporting about my work in
September 2023. In previous months I worked on other topics than LTS. I
no longer include funding aspects here to avoid duplication with the
Freexian funding blog, so this is just about LTS/ELTS.

In September, I uploaded python2.7 to bullseye, buster, stretch and
jessie. Please see ELA-950-1 and DLA 3575-1 for details. The update
fixes six to seven CVEs, of which three relate to deficiencies in URL parsing.
Porting the change to heapq (CVE-2022-48560) to ELTS releases required
reviewing and merging reference-counted sections of the surrounding
code. In order to properly test these changes, I fixed the existing
autopkgtests and was able to declassify the distutils test as failing.
At the time of this writing, the upload to bullseye still is in
proposed-updates and not yet installed by default. I deferred the email
vulnerability (CVE-2023-27043), because upstream has not yet decided on
a solution.

Helmut

