[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Debian LTS and ELTS - July 2022

Here is my public monthly report.

Thanks to our sponsors for making this possible, and to Freexian for
handling the offering.


Note: LTS was inactive during July, as stretch moved to ELTS, but
buster remained under standard Debian security support until August.

- front-desk / buster preparation
  - data/dla-needed.txt: reference workflow during buster transition (July)
  - data/dla-needed.txt: warn about conflict with proposed-updates (August)
  - ffmpeg: clean-up buster status (reference CVEs fixed by DSA-5126-1)
  - php: identify patches for CVE-2022-31625 and CVE-2022-31626
  - slurm-llnl: discuss EOL status


- front-desk
  - Mark 8 supported packages for update
  - Associate CVEs with 7 related/renamed supported packages
  - Set vulnerability status for 6 CVEs, add information to others
  - Report webkit* support limitations

Documentation and tooling

- Discussions
  - Rationale on lts-cve-triage.py "to be fixed or <ignored>" recommendation
  - Decide what to do with the <no-dsa> CVEs: contribute opinion

- LTS documentation: fix a couple migration issues

- IRC meeting

Sylvain Beucler
Debian LTS Team

Reply to: