Debian LTS and ELTS - November 2022
Here is my public monthly report.
Thanks to our sponsors for making this possible, and to Freexian for
handling the offering.
https://www.freexian.com/services/debian-lts.html#sponsors
LTS
- ffmpeg
- Update to latest stable 4.1.x
- Resolve test suite irregular failure upstream
https://trac.ffmpeg.org/ticket/10010
- DLA 3178-1
https://lists.debian.org/debian-lts-announce/2022/11/msg00004.html
- Front Desk
- Mark 12 packages for update
- Mark 14 NodeJS packages with bullseye-targeted updates to backport
- Triage or precise triage for 10+ CVEs
- Standardize/clarify buster-lts triage for golang* packages:
follow-up fixes for September work
- qemu: full recheck/update for 2019-2022 postponed CVEs
- phpseclib/php-phpseclib
- Clarify CVE-2021-30130 status
- Sync with stable/bullseye maintainer
- Backport bullseye to import test suite infrastructure + CVE fix
with minimum regression risk; test reverse dependencies
- DLA 3197-1 phpseclib (1.x)
https://lists.debian.org/debian-lts-announce/2022/11/msg00024.html
- DLA 3198-1 php-phpseclib (2.x)
https://lists.debian.org/debian-lts-announce/2022/11/msg00025.html
- libarchive
- Fix 1 CVE triage (CVE-2021-36976)
- Notify past uploader about possible leak in CVE-2021-31566 fix
(now in ELTS suites)
- DLA 3202-1
https://lists.debian.org/debian-lts-announce/2022/11/msg00030.html
ELTS
- Front Desk (October/November weeks 2/2)
- Mark 15 supported packages for update
- Associate CVEs from newer, branched 'golang*' and 'python3.*'
Debian packages to older ELTS packages
- Triage or precise triage for 6 CVEs
- Feedback with LTS Front Desk on common triage
- qemu: full recheck/update for 2019-2022 postponed CVEs
- ffmpeg: clean-up/fix past triage
Documentation and tooling
- LTS Documentation
- Fix broken internal links following page renames
- asan: reference -static-libasan issue with C++ programs
https://lts-team.pages.debian.net/howtos/lts-Development-Asan.html
- Test Suites: add instructions for libarchive
https://lts-team.pages.debian.net/wiki/TestSuites/libarchive.html
- Feedback on Salsa CI for buster
https://lists.debian.org/debian-lts/2022/11/msg00016.html
https://lists.debian.org/debian-lts/2022/11/msg00022.html
- Answer external clarification request about Debian Security tracker triage
https://lists.debian.org/debian-security/2022/11/msg00002.html
- New contributor help (via IRC)
- Monthly meeting (via IRC)
http://meetbot.debian.net/debian-lts/2022/debian-lts.2022-11-24-13.59.html
--
Sylvain Beucler
Debian LTS Team
Reply to: