[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Debian LTS and ELTS - February 2021



Here is my public monthly report.

Thanks to our sponsors for making this possible, and to Freexian for handling the offering.
https://www.freexian.com/services/debian-lts.html#sponsors

LTS

- qemu
 - triage pending vulnerabilities
 - have upstream clarify CVE-2020-17380 with a new CVE-2021-3409
 - DLA 2560-1: group 8 pending medium-severity CVEs
   https://lists.debian.org/debian-lts-announce/2021/02/msg00024.html
- php-horde-text-filter
 - DLA 2564-1
   https://lists.debian.org/debian-lts-announce/2021/02/msg00028.html
- golang
 - initial triage and backport, to be continued next month
- Documentation and tooling
 - Generate a list of packages that have had (recurrent) security
   updates and would benefit from a DEP-8 (autopkgtest) suite
   https://salsa.debian.org/lts-team/lts-extra-tasks/-/issues/1#note_216446
 - Security tracker's web interface: sort CVEs correctly
   https://salsa.debian.org/security-tracker-team/security-tracker/-/merge_requests/76
 - Support for insecure applications: provide point
   https://lists.debian.org/debian-lts/2021/02/msg00035.html
 - Reference dose-deve for finding reverse /build/ dependencies
   https://wiki.debian.org/LTS/Development#Test_the_update
 - Golang testsuite and specific security approach
   https://wiki.debian.org/LTS/TestSuites/golang
 - Lead discussion on better tracking vulnerabilities across
   renamed/related packages
   https://lists.debian.org/debian-lts/2021/02/msg00083.html
 - Keyring issues: write-up
   https://lists.debian.org/debian-lts/2021/02/msg00091.html


ELTS

- qemu
 - common work with LTS
 - ELA 364-1
   https://deb.freexian.com/extended-lts/updates/ela-364-1-qemu/
- ntp backport (context-specific sponsor request)
- php-horde-text-filter
 - common work with LTS
 - ELA 365-1
   https://deb.freexian.com/extended-lts/updates/ela-365-1-php-horde-text-filter/
- imagemagick
 - explain past triage in the context of an upcoming ELA
- golang
 - common work with LTS, to be continued next month
 - fix test suite

--
Sylvain Beucler
Debian LTS Team


Reply to: