Debian LTS and ELTS - February 2023

To: debian-lts@lists.debian.org
Subject: Debian LTS and ELTS - February 2023
From: Sylvain Beucler <beuc@beuc.net>
Date: Sat, 1 Apr 2023 19:39:59 +0200
Message-id: <[🔎] 20230401173959.GA32213@mail.beuc.net>

Here is my public monthly report.

Thanks to our sponsors for making this possible, and to Freexian for
handling the offering.
https://www.freexian.com/services/debian-lts.html#sponsors


LTS

- Front Desk (week 9, March half)
  - Mark 6 packages for update
  - Triage or precise triage for 15+ CVEs
  - golang* buster triage/harmonization

- runc (docker.io dependency)
  - New CVE-2023-27561 for the issue I reported last month
  - DLA 3369-1
    https://lists.debian.org/debian-lts-announce/2023/03/msg00023.html
  - Fix a couple build issues
    https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1033604

- qemu
  - Re-check for applicable patches in long-standing issues
  - DLA 3362-1
    https://lists.debian.org/debian-lts-announce/2023/03/msg00013.html

- xapian-core
  - upload from Debian maintainer, I helped with administrative parts
  - DLA 3355-1
    https://lists.debian.org/debian-lts-announce/2023/03/msg00016.html


ELTS

- Front Desk (week 9, March half)
  - Refresh/re-check package transitions, to continue tracking CVEs in
    older dists semi-automatically
    - Commit related-packages.py pending better inclusion in Debian
      (non-ELTS) security-tracker
      https://salsa.debian.org/lts-team/lts-extra-tasks/-/issues/12
  - Associate CVEs from newer, branched 'freerdp*', 'mariadb-*', 'openssl*',
    'tcl*' and 'unbound-*' Debian packages to older ELTS packages
  - Mark 5 supported packages for update
  - Triage or precise triage for <10 CVEs

- qemu
  - Drop from task list (too little to do or fix at the moment)


Documentation and tooling

- Follow-up on obsolete but supported packages that may lack active
  CVE triage (such as python2)
  - Check for other occurrences, discard false positives
  - Private discussion for status/goal
    https://salsa.debian.org/lts-team/lts-extra-tasks/-/issues/50
  - Initiate discussion with the Debian Security Team
    https://lists.debian.org/debian-lts/2023/03/msg00036.html

- Private discussion on package priority
  - Update internal documentation (freexian.gitlab.io, private)

- Feedback on scripts reorganization (private mailing-list)

- LTS Documentation
  - Development: add note on DLA delay, more info Built-Using
    https://lts-team.pages.debian.net/wiki/Development.html
  - TestSuites: qemu: minor clarifications
    https://lts-team.pages.debian.net/wiki/TestSuites/qemu.html

- Newcomers help on IRC

- User help: seabios buggy in Buster
  https://lists.debian.org/debian-lts/2023/03/msg00046.html
  
- Monthly meeting (via IRC)
  http://meetbot.debian.net/debian-lts/2023/debian-lts.2023-03-23-13.58.html

-- 
Sylvain Beucler
Debian LTS Team

Reply to:

Next by Date: Re: Triage status for a few old packages
Next by thread: Re: Triage status for a few old packages
Index(es):
- Date
- Thread