Debian LTS and ELTS - November 2022

To: debian-lts@lists.debian.org
Subject: Debian LTS and ELTS - November 2022
From: Sylvain Beucler <beuc@beuc.net>
Date: Thu, 1 Dec 2022 13:42:55 +0100
Message-id: <[🔎] 20221201124255.GA9537@mail.beuc.net>

Here is my public monthly report.

Thanks to our sponsors for making this possible, and to Freexian for
handling the offering.
https://www.freexian.com/services/debian-lts.html#sponsors


LTS

- ffmpeg
  - Update to latest stable 4.1.x
  - Resolve test suite irregular failure upstream
    https://trac.ffmpeg.org/ticket/10010
  - DLA 3178-1
    https://lists.debian.org/debian-lts-announce/2022/11/msg00004.html

- Front Desk
  - Mark 12 packages for update
  - Mark 14 NodeJS packages with bullseye-targeted updates to backport
  - Triage or precise triage for 10+ CVEs
  - Standardize/clarify buster-lts triage for golang* packages:
    follow-up fixes for September work
  - qemu: full recheck/update for 2019-2022 postponed CVEs

- phpseclib/php-phpseclib
  - Clarify CVE-2021-30130 status
  - Sync with stable/bullseye maintainer
  - Backport bullseye to import test suite infrastructure + CVE fix
    with minimum regression risk; test reverse dependencies
  - DLA 3197-1 phpseclib (1.x)
    https://lists.debian.org/debian-lts-announce/2022/11/msg00024.html
  - DLA 3198-1 php-phpseclib (2.x)
    https://lists.debian.org/debian-lts-announce/2022/11/msg00025.html

- libarchive
  - Fix 1 CVE triage (CVE-2021-36976)
  - Notify past uploader about possible leak in CVE-2021-31566 fix
    (now in ELTS suites)
  - DLA 3202-1
    https://lists.debian.org/debian-lts-announce/2022/11/msg00030.html


ELTS

- Front Desk (October/November weeks 2/2)
  - Mark 15 supported packages for update
  - Associate CVEs from newer, branched 'golang*' and 'python3.*'
    Debian packages to older ELTS packages
  - Triage or precise triage for 6 CVEs
  - Feedback with LTS Front Desk on common triage
  - qemu: full recheck/update for 2019-2022 postponed CVEs
  - ffmpeg: clean-up/fix past triage


Documentation and tooling

- LTS Documentation
  - Fix broken internal links following page renames
  - asan: reference -static-libasan issue with C++ programs
    https://lts-team.pages.debian.net/howtos/lts-Development-Asan.html
  - Test Suites: add instructions for libarchive
    https://lts-team.pages.debian.net/wiki/TestSuites/libarchive.html

- Feedback on Salsa CI for buster
  https://lists.debian.org/debian-lts/2022/11/msg00016.html
  https://lists.debian.org/debian-lts/2022/11/msg00022.html

- Answer external clarification request about Debian Security tracker triage
  https://lists.debian.org/debian-security/2022/11/msg00002.html

- New contributor help (via IRC)

- Monthly meeting (via IRC)
  http://meetbot.debian.net/debian-lts/2022/debian-lts.2022-11-24-13.59.html

-- 
Sylvain Beucler
Debian LTS Team

Reply to:

Next by Date: Status of buster/armel
Next by thread: Status of buster/armel
Index(es):
- Date
- Thread