Debian LTS and ELTS - September 2020
Here is my transparent report for my work on the Debian Long Term Support
(LTS) and Debian Extended Long Term Support (ELTS), which extend the
security support for past Debian releases, as a paid contributor.
In September, the monthly sponsored hours were split evenly among
contributors depending on their max availability - I was assigned
19.75h for LTS (out of my 30 max; all done) and 20h for ELTS (out
of my 20 max; all done).
ELTS - Jessie
- qemu: jessie triage: finish work started in August
- qemu: backport 5 CVE fixes, perform virtual and physical
testing, security upload ELA-283-1
- libdbi-perl: global triage: clarifications, confirm incomplete
and attempt to get upstream action, request new CVE following
discussion with security team
- libdbi-perl: backport 5 CVE fixes, test, security upload ELA-285-1
LTS - Stretch
- qemu: stretch triage, while working on ELTS update; mark
several CVEs unaffected, update patch/status
- wordpress: global triage: reference new patches, request
proper CVE to fix our temporary tracking
- wordpress: revamp package: upgrade to upstream's stable
4.7.5->4.7.18 to ease future updates, re-apply missing
patches, fix past regression and notify maintainer, security
upload DLA-2371-1
- libdbi-perl: common work with ELTS, security upload DLA-2386-1
- public IRC team meeting
Documentation/Scripts
- LTS/TestSuites/wordpress: new page with testsuite import and
manual tests
- LTS/TestSuites/qemu: minor update
- wiki.d.o/Sympa: update Sympa while using it as a libdbi-perl
reverse-dep test (update for newer versions, explain how to
bootstrap admin access)
- www.d.o/lts/security: import a couple missing announcements and
notify uploaders about procedures
- Check status for pdns-recursor, following user request
- Check status for golang-1.7 / CVE-2019-9514 / CVE-2019-9512
- Attempt to improve cooperation after seeing my work discarded and
redone as-is, which sadly isn't the first time; no answer
- Historical analysis of our CVE fixes: experiment to gather
per-CVE tracker history
--
https://blog.beuc.net/posts/Debian_LTS_and_ELTS_-_September_2020/