Debian LTS and ELTS - April 2022
Here is my public monthly report.
Thanks to our sponsors for making this possible, and to Freexian for
handling the offering.
https://www.freexian.com/services/debian-lts.html#sponsors
LTS
- CVEs triage (first half-week of the month)
- Add 9 packages for update
- Assess vulnerability status for 8 CVEs
- Clarify several CVEs status
- libreoffice: harmonize CVEs triage and drop update for now
- lrzip
- Fix/precise triage for 2 unfixed CVEs, reference 5 fixed minor CVEs
- Re-open unfixed CVE upstream
https://github.com/ckolivas/lrzip/issues/91#issuecomment-1095265583
- Precise triage for other CVEs
- DLA-2981-1
https://lists.debian.org/debian-lts-announce/2022/04/msg00012.html
- golang-1.7, golang-1.8
- Harmonize with Debian 11.3
- DLA 2985-1, DLA 2986-1
https://lists.debian.org/debian-lts-announce/2022/04/msg00017.html
https://lists.debian.org/debian-lts-announce/2022/04/msg00018.html
ELTS
- CVEs triage (first half-week of the month)
- common work with LTS
- lrzip
- Common work with LTS
- Harmonize with stretch
- ELA-597-1
https://deb.freexian.com/extended-lts/updates/ela-597-1-lrzip/
- golang
- Common work with LTS
- ELA-600-1
https://deb.freexian.com/extended-lts/updates/ela-600-1-golang/
Documentation and tooling
- security-tracker: lts-cve-triage.py
- Tracking oldstable/stable updates suitable for (missing in) LTS
https://lists.debian.org/debian-lts/2022/04/msg00011.html
- handle '/stable', '/oldstable' notations in dsa-needed.txt
e.g. twig/oldstable
- support for new 'debian-security-support' patterns
- LTS documentation
- 'debian-security-support' info
https://wiki.debian.org/LTS/Development?action=diff&rev2=287&rev1=286
https://lists.debian.org/debian-lts/2022/04/msg00003.html
- triage: precise how to use the 'oldstable' report
https://wiki.debian.org/LTS/Development?action=diff&rev2=289&rev1=288
- Internal discussions
- Unsupported packages in jessie and stretch ELTS
- Documenting specific procedures for packages
- Jitsi meeting
--
Sylvain Beucler
Debian LTS Team
Reply to: