Debian LTS and ELTS - July 2022

To: debian-lts@lists.debian.org
Subject: Debian LTS and ELTS - July 2022
From: Sylvain Beucler <beuc@beuc.net>
Date: Mon, 1 Aug 2022 17:39:42 +0200
Message-id: <[🔎] 20220801153942.GA11569@mail.beuc.net>

Here is my public monthly report.

Thanks to our sponsors for making this possible, and to Freexian for
handling the offering.
https://www.freexian.com/services/debian-lts.html#sponsors


LTS

Note: LTS was inactive during July, as stretch moved to ELTS, but
buster remained under standard Debian security support until August.

- front-desk / buster preparation
  - data/dla-needed.txt: reference workflow during buster transition (July)
  - data/dla-needed.txt: warn about conflict with proposed-updates (August)
  - ffmpeg: clean-up buster status (reference CVEs fixed by DSA-5126-1)
  - php: identify patches for CVE-2022-31625 and CVE-2022-31626
  - slurm-llnl: discuss EOL status
    https://salsa.debian.org/lts-team/lts-extra-tasks/-/issues/39


ELTS

- front-desk
  - Mark 8 supported packages for update
  - Associate CVEs with 7 related/renamed supported packages
  - Set vulnerability status for 6 CVEs, add information to others
  - Report webkit* support limitations


Documentation and tooling

- Discussions
  - Rationale on lts-cve-triage.py "to be fixed or <ignored>" recommendation
    https://lists.debian.org/debian-lts/2022/07/msg00036.html
  - Decide what to do with the <no-dsa> CVEs: contribute opinion
    https://salsa.debian.org/lts-team/lts-extra-tasks/-/issues/38

- LTS documentation: fix a couple migration issues

- IRC meeting

-- 
Sylvain Beucler
Debian LTS Team

Reply to:

Next by Date: EOL candidates for security-support-ended.deb10
Next by thread: EOL candidates for security-support-ended.deb10
Index(es):
- Date
- Thread