Debian LTS and ELTS - July 2022
Here is my public monthly report.
Thanks to our sponsors for making this possible, and to Freexian for
handling the offering.
Note: LTS was inactive during July, as stretch moved to ELTS, but
buster remained under standard Debian security support until August.
- front-desk / buster preparation
- data/dla-needed.txt: reference workflow during buster transition (July)
- data/dla-needed.txt: warn about conflict with proposed-updates (August)
- ffmpeg: clean-up buster status (reference CVEs fixed by DSA-5126-1)
- php: identify patches for CVE-2022-31625 and CVE-2022-31626
- slurm-llnl: discuss EOL status
- Mark 8 supported packages for update
- Associate CVEs with 7 related/renamed supported packages
- Set vulnerability status for 6 CVEs, add information to others
- Report webkit* support limitations
Documentation and tooling
- Rationale on lts-cve-triage.py "to be fixed or <ignored>" recommendation
- Decide what to do with the <no-dsa> CVEs: contribute opinion
- LTS documentation: fix a couple migration issues
- IRC meeting
Debian LTS Team