Debian LTS and ELTS - August 2021
Here is my public monthly report.
Thanks to our sponsors for making this possible, and to Freexian for
handling the offering.
https://www.freexian.com/services/debian-lts.html#sponsors
LTS
– openexr
– DLA 2732-1
https://lists.debian.org/debian-lts-announce/2021/08/msg00008.html
– Clarify (non-)impact of CVE-2021-23215 fix
– CVEs triage
– common triaging work related to ELTS front-desk duty
– global triage / versioning precisions: ckeditor, modsecurity-crs,
qt*, sssd, fig2dev
– clarify long-standing packages status (python-babel, mosquitto)
– coordinate with contributors performing conflicting triaging
ELTS
– openexr
– common work with LTS
– ELA-469-1
https://deb.freexian.com/extended-lts/updates/ela-469-1-openexr/
– front-desk duty
– triage jessie vulnerabilities: courier, apache2, ckeditor,
glances, hivex, libgd2, modsecurity-crs, perl, qt, sssd, qemu,
transfig, cpio
– non-front-desk CVEs triage
– libonig: mark CVE-2020-26159 for revert
– fix duplicate causing database errors
– notified FD about now-unsupported package triage
Documentation and tooling
– Tracking related source packages
https://lists.debian.org/debian-lts/2021/08/msg00045.html
https://salsa.debian.org/lts-team/lts-extra-tasks/-/issues/2
https://salsa.debian.org/lts-team/lts-extra-tasks/-/issues/12
https://salsa.debian.org/security-tracker-team/security-tracker/-/merge_requests/88
Write new flexible tool to help with specific triaging issues, especially:
– decision support with packages whose code in embedded into others
– automatically tracking CVEs for old renamed packages (ELTS)
Coordinate with security team for official inclusion in shared repo
– bin/give-back-hours: sync fixes lts->elts
– Reference golang security rationale for newly-released bullseye
https://wiki.debian.org/LTS/TestSuites/golang
– Suggest standard tracking for non-standard issues
https://lists.debian.org/debian-lts/2021/08/msg00010.html
– Check amd64-microcode status following users report
https://lists.debian.org/debian-lts/2021/08/msg00056.html
– Team meeting (Jitsi)
--
Sylvain Beucler
Debian LTS Team
Reply to: