Debian LTS and ELTS - February 2023
Here is my public monthly report.
Thanks to our sponsors for making this possible, and to Freexian for
handling the offering.
https://www.freexian.com/services/debian-lts.html#sponsors
LTS
- Front Desk (week 9, March half)
- Mark 6 packages for update
- Triage or precise triage for 15+ CVEs
- golang* buster triage/harmonization
- runc (docker.io dependency)
- New CVE-2023-27561 for the issue I reported last month
- DLA 3369-1
https://lists.debian.org/debian-lts-announce/2023/03/msg00023.html
- Fix a couple build issues
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1033604
- qemu
- Re-check for applicable patches in long-standing issues
- DLA 3362-1
https://lists.debian.org/debian-lts-announce/2023/03/msg00013.html
- xapian-core
- upload from Debian maintainer, I helped with administrative parts
- DLA 3355-1
https://lists.debian.org/debian-lts-announce/2023/03/msg00016.html
ELTS
- Front Desk (week 9, March half)
- Refresh/re-check package transitions, to continue tracking CVEs in
older dists semi-automatically
- Commit related-packages.py pending better inclusion in Debian
(non-ELTS) security-tracker
https://salsa.debian.org/lts-team/lts-extra-tasks/-/issues/12
- Associate CVEs from newer, branched 'freerdp*', 'mariadb-*', 'openssl*',
'tcl*' and 'unbound-*' Debian packages to older ELTS packages
- Mark 5 supported packages for update
- Triage or precise triage for <10 CVEs
- qemu
- Drop from task list (too little to do or fix at the moment)
Documentation and tooling
- Follow-up on obsolete but supported packages that may lack active
CVE triage (such as python2)
- Check for other occurrences, discard false positives
- Private discussion for status/goal
https://salsa.debian.org/lts-team/lts-extra-tasks/-/issues/50
- Initiate discussion with the Debian Security Team
https://lists.debian.org/debian-lts/2023/03/msg00036.html
- Private discussion on package priority
- Update internal documentation (freexian.gitlab.io, private)
- Feedback on scripts reorganization (private mailing-list)
- LTS Documentation
- Development: add note on DLA delay, more info Built-Using
https://lts-team.pages.debian.net/wiki/Development.html
- TestSuites: qemu: minor clarifications
https://lts-team.pages.debian.net/wiki/TestSuites/qemu.html
- Newcomers help on IRC
- User help: seabios buggy in Buster
https://lists.debian.org/debian-lts/2023/03/msg00046.html
- Monthly meeting (via IRC)
http://meetbot.debian.net/debian-lts/2023/debian-lts.2023-03-23-13.58.html
--
Sylvain Beucler
Debian LTS Team
Reply to: