Debian LTS and ELTS - April 2021
Here is my public monthly report.
Thanks to our sponsors for making this possible, and to Freexian for handling the offering.
https://www.freexian.com/services/debian-lts.html#sponsors
LTS
– php-pear / Archive_Tar
– Fix test suite
– DLA 2621-1
https://lists.debian.org/debian-lts-announce/2021/04/msg00007.html
– ruby-nokogiri: triage
– zabbix
– upgrade stretch to final 3.0.x version
– global CVE triage
– DLA 2631-1
https://lists.debian.org/debian-lts-announce/2021/04/msg00018.html
– libspring-java
– global triage: identify some patches, request help from upstream
https://github.com/spring-projects/spring-framework/issues/26821
– DLA-2635-1
https://lists.debian.org/debian-lts-announce/2021/04/msg00022.html
– jetty: global CVE triage
ELTS
– triage newly supported packages thanks to new sponsors
– zabbix
– common work with LTS
– ELA-406-1
https://deb.freexian.com/extended-lts/updates/ela-406-1-zabbix/
– libspring-java
– common work with LTS
– ELA-408-1
https://deb.freexian.com/extended-lts/updates/ela-408-1-libspring-java/
– python-bleach: ELA-411-1
https://deb.freexian.com/extended-lts/updates/ela-411-1-python-bleach/
– jetty: manually track CVEs (due to subsequent package rename)
Documentation and tooling
– Help with give-back procedure, update documentation
https://lists.debian.org/debian-lts/2021/04/msg00033.html
https://wiki.debian.org/LTS/Development#Build_the_update
– debian-security-support: automatically report unsupported ecosystems
(disputed)
https://salsa.debian.org/lts-team/lts-extra-tasks/-/issues/20
https://bugs.debian.org/986333
https://salsa.debian.org/debian/debian-security-support/-/merge_requests/10
https://lists.debian.org/debian-lts/2021/04/msg00028.html
– debian-security-support: fix missing alerts due to bug in version-based check
(merge pending)
https://bugs.debian.org/986581
https://salsa.debian.org/debian/debian-security-support/-/merge_requests/9
– security tracker: sort CVEs as versions, everywhere and in a cleaner way
(request from March now merged)
https://salsa.debian.org/security-tracker-team/security-tracker/-/merge_requests/81
– Discuss tracking unbound1.9 (stretch-specific package)
https://lists.debian.org/debian-lts/2021/04/msg00059.html
– Team meeting (video-conf)
– Suggest clarifying mandatory/optional participation to project-wide tasks
– Suggest subscription/access to some other distros' private security repos
--
Sylvain Beucler
Debian LTS Team
Reply to: